Total
263770 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40330 | 1 Dev4press | 1 Gd Security Headers | 2024-09-23 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. | ||||
| CVE-2023-44121 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-09-23 | 5 Medium |
| The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps. | ||||
| CVE-2024-0002 | 1 Purestorage | 1 Flasharray | 2024-09-23 | 10 Critical |
| A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | ||||
| CVE-2024-0001 | 1 Purestorage | 1 Flasharray | 2024-09-23 | 10 Critical |
| A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | ||||
| CVE-2023-43654 | 1 Pytorch | 1 Torchserve | 2024-09-23 | 10 Critical |
| TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2024-8951 | 2 Oretnom23, Sourcecodester | 2 Resort Reservation System, Resort Reservation System | 2024-09-23 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-44152 | 4 Acronis, Apple, Linux and 1 more | 4 Cyber Protect, Macos, Linux Kernel and 1 more | 2024-09-23 | 9.1 Critical |
| Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | ||||
| CVE-2023-44155 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-23 | 7.5 High |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2024-8948 | 1 Micropython | 1 Micropython | 2024-09-23 | 7.3 High |
| A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes. | ||||
| CVE-2023-5004 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-09-23 | 9.8 Critical |
| Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | ||||
| CVE-2023-5053 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-09-23 | 9.8 Critical |
| Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | ||||
| CVE-2023-44157 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-09-23 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. | ||||
| CVE-2023-44158 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-23 | 7.5 High |
| Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2023-43740 | 1 Projectworlds | 1 Online Book Store Project | 2024-09-23 | 8.8 High |
| Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||||
| CVE-2023-44161 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-23 | 6.5 Medium |
| Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2023-44205 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-23 | 5.3 Medium |
| Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2023-44156 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-23 | 7.5 High |
| Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2023-44159 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-23 | 7.5 High |
| Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2021-4034 | 7 Canonical, Oracle, Polkit Project and 4 more | 38 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 35 more | 2024-09-23 | 7.8 High |
| A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | ||||
| CVE-2023-3775 | 1 Hashicorp | 1 Vault | 2024-09-23 | 4.2 Medium |
| A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. | ||||