Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26312 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-09-16 | 5.5 Medium |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | ||||
| CVE-2022-23825 | 5 Amd, Debian, Fedoraproject and 2 more | 253 A10-9600p, A10-9600p Firmware, A10-9630p and 250 more | 2024-09-16 | 6.5 Medium |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | ||||
| CVE-2021-29115 | 1 Esri | 1 Arcgis Enterprise | 2024-09-16 | 5.3 Medium |
| An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features. | ||||
| CVE-2020-26086 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-09-16 | 4.3 Medium |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. | ||||
| CVE-2021-31407 | 1 Vaadin | 2 Flow, Vaadin | 2024-09-16 | 8.6 High |
| Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request. | ||||
| CVE-2017-16660 | 1 Cacti | 1 Cacti | 2024-09-16 | N/A |
| Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | ||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-09-16 | 8.3 High |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | ||||
| CVE-2023-45357 | 1 Archerirm | 1 Archer | 2024-09-16 | 4.3 Medium |
| Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release. | ||||
| CVE-2023-3972 | 1 Redhat | 23 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 20 more | 2024-09-16 | 7.8 High |
| A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | ||||
| CVE-2024-0443 | 3 Fedoraproject, Linux, Redhat | 4 Fedora, Linux Kernel, Enterprise Linux and 1 more | 2024-09-16 | 5.5 Medium |
| A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error. | ||||
| CVE-2023-44394 | 1 Mantisbt | 1 Mantisbt | 2024-09-13 | 4.3 Medium |
| MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`). | ||||
| CVE-2023-45911 | 1 Wipotec | 1 Comscale | 2024-09-13 | 9.8 Critical |
| An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. | ||||
| CVE-2023-42547 | 1 Samsung | 1 Account | 2024-09-12 | 5.5 Medium |
| Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||||
| CVE-2023-42549 | 1 Samsung | 1 Account | 2024-09-12 | 5.5 Medium |
| Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||||
| CVE-2023-42551 | 1 Samsung | 1 Account | 2024-09-12 | 5.5 Medium |
| Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||||
| CVE-2021-46906 | 1 Linux | 1 Linux Kernel | 2024-09-11 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl(). | ||||
| CVE-2023-4217 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-09-05 | 3.1 Low |
| A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | ||||
| CVE-2023-6955 | 1 Gitlab | 1 Gitlab | 2024-08-30 | 6.6 Medium |
| An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | ||||
| CVE-2023-42718 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-28 | 5.5 Medium |
| In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2024-08-28 | 5.3 Medium |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | ||||