Filtered by NVD-CWE-noinfo
Total 28515 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-0648 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2024-09-20 8.8 High
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0643 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2024-09-20 8.8 High
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2023-26323 1 Mi 1 App Market 2024-09-20 7.6 High
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
CVE-2022-21445 1 Oracle 1 Jdeveloper 2024-09-20 9.8 Critical
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2024-45040 1 Consensys 2 Gnark, Gnark-crypto 2024-09-20 5.9 Medium
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to deduce the actual value. If the possible choices for the variables to be committed is large or there are many values committed, then it would be computationally infeasible to enumerate all valid choices. It doesn't affect the completeness/soundness of the proofs. The vulnerability has been fixed in version 0.11.0. The patch to fix the issue is to add additional randomized value to the list of committed value at proving time to mask the rest of the values which were committed. As a workaround, the user can manually commit to a randomized value.
CVE-2024-45039 1 Consensys 2 Gnark, Gnark-crypto 2024-09-20 6.2 Medium
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost to the verifier and it has not been supported in the recursive in-circuit Groth16 verifier and Solidity verifier. gnark's maintainers expect the impact of the issue be very small - only for the users who have implemented the native Groth16 verifier or are using it with multiple commitments. We do not have information of such users. The issue has been patched in version 0.11.0. As a workaround, users should follow gnark maintainers' recommendation to use only a single commitment and then derive in-circuit commitments as needed using the `std/multicommit` package.
CVE-2022-4100 2 Gioni, Wpcerber 2 Wp Cerber Security, Cerber Security Antispam \& Malware Scan 2024-09-20 5.3 Medium
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.
CVE-2024-38210 1 Microsoft 1 Edge Chromium 2024-09-19 7.8 High
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-38209 1 Microsoft 1 Edge Chromium 2024-09-19 7.8 High
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-3679 2 Calinvingan, Squirrly 2 Premium Seo Pack Wp Seo Plugin, Wp Seo Plugin 2024-09-19 5.3 Medium
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.
CVE-2024-43472 1 Microsoft 1 Edge Chromium 2024-09-19 5.8 Medium
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2024-37968 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2024-09-19 7.5 High
Windows DNS Spoofing Vulnerability
CVE-2024-38223 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-09-19 6.8 Medium
Windows Initial Machine Configuration Elevation of Privilege Vulnerability
CVE-2024-38215 1 Microsoft 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more 2024-09-19 7.8 High
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-38214 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2024-09-19 6.5 Medium
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2024-38120 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2024-09-19 8.8 High
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38200 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2024-09-19 6.5 Medium
Microsoft Office Spoofing Vulnerability
CVE-2024-38195 1 Microsoft 1 Azure Cyclecloud 2024-09-19 7.8 High
Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-38189 1 Microsoft 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more 2024-09-19 8.8 High
Microsoft Project Remote Code Execution Vulnerability
CVE-2024-38187 1 Microsoft 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more 2024-09-19 7.8 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability