Total
390 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29549 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | 6.5 Medium |
| Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | ||||
| CVE-2023-23597 | 1 Mozilla | 1 Firefox | 2025-01-09 | 6.5 Medium |
| A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. | ||||
| CVE-2023-33283 | 1 Marvalglobal | 1 Msm | 2025-01-07 | 5.5 Medium |
| Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key. | ||||
| CVE-2023-35332 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 6.8 Medium |
| Windows Remote Desktop Protocol Security Feature Bypass | ||||
| CVE-2024-20692 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-31 | 5.7 Medium |
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||||
| CVE-2023-32414 | 1 Apple | 1 Macos | 2024-12-05 | 8.6 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox. | ||||
| CVE-2024-38277 | 2024-12-04 | 5.4 Medium | ||
| A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | ||||
| CVE-2024-33662 | 1 Portainer | 1 Portainer | 2024-12-04 | 7.5 High |
| Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. | ||||
| CVE-2023-37301 | 1 Mediawiki | 1 Mediawiki | 2024-11-27 | 5.3 Medium |
| An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. | ||||
| CVE-2023-36748 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-27 | 5.9 Medium |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device. | ||||
| CVE-2023-47364 | 1 Linecorp | 1 Line | 2024-11-26 | 6.5 Medium |
| The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims | ||||
| CVE-2020-3549 | 1 Cisco | 2 Firepower Threat Defense, Secure Firewall Management Center | 2024-11-26 | 8.1 High |
| A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. | ||||
| CVE-2018-0131 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-26 | N/A |
| A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. | ||||
| CVE-2018-0448 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-26 | 9.8 Critical |
| A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. | ||||
| CVE-2024-45719 | 2024-11-22 | 2.6 Low | ||
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue. | ||||
| CVE-2024-52318 | 2024-11-21 | 6.1 Medium | ||
| Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. | ||||
| CVE-2024-52317 | 1 Apache | 1 Tomcat | 2024-11-21 | 6.5 Medium |
| Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. | ||||
| CVE-2024-45273 | 3 Helmholz, Mb Connect Line, Mbconnectline | 35 Myrex24.virtual, Myrex24 V2, Myrex24 V2 Virtual Server and 32 more | 2024-11-21 | 8.4 High |
| An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | ||||
| CVE-2024-40761 | 1 Apache | 1 Answer | 2024-11-21 | 5.3 Medium |
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | ||||
| CVE-2024-3387 | 2024-11-21 | 5.3 Medium | ||
| A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. | ||||