Total
264131 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35675 | 1 Google | 1 Android | 2024-09-26 | 5.5 Medium |
| In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40834 | 1 Opencart | 1 Opencart | 2024-09-26 | 9.8 Critical |
| OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter. | ||||
| CVE-2023-41013 | 1 Icewarp | 1 Icewarp | 2024-09-26 | 6.1 Medium |
| Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | ||||
| CVE-2023-41423 | 1 Terryl | 1 Wp Githuber Md | 2024-09-26 | 5.4 Medium |
| Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function. | ||||
| CVE-2023-40622 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-09-26 | 9.9 Critical |
| SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. | ||||
| CVE-2023-40309 | 1 Sap | 9 Commoncryptolib, Content Server, Extended Application Services And Runtime and 6 more | 2024-09-26 | 9.8 Critical |
| SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. | ||||
| CVE-2023-35669 | 1 Google | 1 Android | 2024-09-26 | 7.8 High |
| In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-30375 | 1 Luxion | 2 Keyshot, Keyshot Viewer | 2024-09-26 | 7.8 High |
| Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22515. | ||||
| CVE-2023-26142 | 1 Crowcpp | 1 Crow | 2024-09-26 | 6.5 Medium |
| All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. | ||||
| CVE-2022-22405 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-09-26 | 5.9 Medium |
| IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. | ||||
| CVE-2024-30374 | 1 Luxion | 2 Keyshot, Keyshot Viewer | 2024-09-26 | 7.8 High |
| Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22449. | ||||
| CVE-2023-3039 | 1 Dell | 1 Sd Rom Utility | 2024-09-26 | 7.3 High |
| SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | ||||
| CVE-2024-31423 | 2 Alex Volkov, Volkov | 2 Wp Accessibility Helper, Wp Accessibility Helper | 2024-09-26 | 4.3 Medium |
| Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5. | ||||
| CVE-2023-3747 | 1 Cloudflare | 1 Warp | 2024-09-26 | 5.5 Medium |
| Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running. | ||||
| CVE-2023-36635 | 1 Fortinet | 1 Fortiswitchmanager | 2024-09-26 | 6.9 Medium |
| An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. | ||||
| CVE-2022-4896 | 1 Cbm | 1 Control De Ciber | 2024-09-26 | 8.2 High |
| Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core. | ||||
| CVE-2022-33164 | 1 Ibm | 1 Security Directory Server | 2024-09-26 | 8.7 High |
| IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. | ||||
| CVE-2022-21587 | 1 Oracle | 1 E-business Suite | 2024-09-26 | 9.8 Critical |
| Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2023-46175 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2024-09-26 | 4.4 Medium |
| IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. | ||||
| CVE-2022-48474 | 1 Cbm | 1 Control De Ciber | 2024-09-26 | 8.2 High |
| Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, causing a memory failure error that shuts down the process. | ||||