Total: 9764 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-34150 | 1 Apache | 1 Any23 | 2024-08-02 | N/A | 5.3 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.
CVE-2023-22934 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-08-02 | N/A | 8.0 HIGH | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher-privileged user to initiate a request within their browser.
CVE-2024-34365 | | | 2024-08-02 | N/A | N/A | ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-34009 | | | 2024-08-01 | N/A | 7.5 HIGH | Insufficient checks of whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVE-2024-7340 | | | 2024-08-01 | N/A | 8.8 HIGH | The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.
CVE-2024-40520 | 1 Seacms | 1 Seacms | 2024-08-01 | N/A | 8.8 HIGH | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40518 | 1 Seacms | 1 Seacms | 2024-08-01 | N/A | 8.8 HIGH | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-3173 | 1 Google | 1 Chrome | 2024-08-01 | N/A | 8.8 HIGH | Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
CVE-2024-36742 | | | 2024-08-01 | N/A | 7.5 HIGH | An issue in the oneflow.scatter_nd parameter of OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when the index parameter exceeds the range of shape.
CVE-2024-32007 | 1 Apache | 1 Cxf | 2024-08-01 | N/A | 7.5 HIGH | Improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
CVE-2024-31959 | | | 2024-08-01 | N/A | 8.4 HIGH | An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution.
CVE-2024-27386 | | | 2024-08-01 | N/A | 6.7 MEDIUM | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite.
CVE-2024-27385 | | | 2024-08-01 | N/A | 6.7 MEDIUM | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite.
CVE-2024-25290 | | | 2024-08-01 | N/A | 8.0 HIGH | An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function.
CVE-2024-23320 | | | 2024-08-01 | N/A | 8.8 HIGH | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVE-2024-22271 | | | 2024-08-01 | N/A | 8.2 HIGH | In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: the user is using the Spring Cloud Function Web module. Affected Spring Products and Versions: Spring Cloud Function Framework 4.1.0 to 4.1.2, 4.0.0 to 4.0.8. References: https://spring.io/security/cve-2022-22979 ; https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ . History: 2020-01-16: Initial vulnerability report published.
CVE-2024-21507 | | | 2024-08-01 | N/A | 6.5 MEDIUM | Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
CVE-2024-0031 | | | 2024-08-01 | N/A | 9.8 CRITICAL | In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-7012 | | | 2024-08-01 | N/A | 7.5 HIGH | Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)
CVE-2021-22280 | | | 2024-08-01 | N/A | 7.2 HIGH | Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.