Total
28519 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38018 | 1 Microsoft | 1 Sharepoint Server | 2024-09-19 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2023-4583 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-09-19 | 7.5 High |
| When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | ||||
| CVE-2023-43284 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-09-19 | 8.8 High |
| D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. | ||||
| CVE-2023-0506 | 1 Bydemes | 1 Airspace Cctv Web Service | 2024-09-19 | 8.8 High |
| The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access. | ||||
| CVE-2024-7885 | 1 Redhat | 19 Apache Camel Spring Boot, Build Keycloak, Build Of Apache Camel - Hawtio and 16 more | 2024-09-19 | 7.5 High |
| A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. | ||||
| CVE-2023-36537 | 1 Zoom | 1 Rooms | 2024-09-19 | 7.3 High |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2024-09-19 | 7.1 High |
| Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | ||||
| CVE-2023-34121 | 2 Microsoft, Zoom | 4 Windows, Rooms, Virtual Desktop Infrastructure and 1 more | 2024-09-19 | 4.1 Medium |
| Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. | ||||
| CVE-2023-34120 | 2 Microsoft, Zoom | 2 Windows, Virtual Desktop Infrastructure | 2024-09-19 | 8.7 High |
| Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. | ||||
| CVE-2023-34118 | 1 Zoom | 1 Rooms | 2024-09-19 | 7.3 High |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-34116 | 1 Zoom | 1 Zoom | 2024-09-19 | 8.2 High |
| Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | ||||
| CVE-2023-4577 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-09-19 | 6.5 Medium |
| When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | ||||
| CVE-2024-27348 | 2 Apache, Oracle | 4 Hugegraph, Hugegraph-server, Jdk and 1 more | 2024-09-19 | 9.8 Critical |
| RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | ||||
| CVE-2023-4885 | 1 Open5gs | 1 Open5gs | 2024-09-19 | 6.5 Medium |
| Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | ||||
| CVE-2023-42508 | 1 Jfrog | 1 Artifactory | 2024-09-19 | 6.5 Medium |
| JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | ||||
| CVE-2023-30692 | 1 Samsung | 1 Android | 2024-09-19 | 8.5 High |
| Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30727 | 1 Samsung | 1 Android | 2024-09-19 | 6.7 Medium |
| Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. | ||||
| CVE-2023-30731 | 1 Samsung | 1 Android | 2024-09-19 | 5.7 Medium |
| Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. | ||||
| CVE-2023-30732 | 1 Samsung | 1 Android | 2024-09-19 | 5.5 Medium |
| Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. | ||||
| CVE-2023-30736 | 1 Samsung | 1 Samsung Assistant | 2024-09-19 | 4.4 Medium |
| Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. | ||||