Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7536 | 1 Imagemagick | 1 Imagemagick | 2024-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. | |||||
CVE-2017-0148 | 2 Microsoft, Siemens | 27 Server Message Block, Windows 10 1507, Windows 10 1511 and 24 more | 2024-07-09 | 9.3 HIGH | 8.1 HIGH |
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | |||||
CVE-2024-34109 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-07-09 | N/A | 7.2 HIGH |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required. | |||||
CVE-2022-32253 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. | |||||
CVE-2024-6298 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-07-08 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01. | |||||
CVE-2024-35227 | 2024-07-05 | N/A | 7.5 HIGH | ||
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. | |||||
CVE-2024-6284 | 2024-07-05 | N/A | N/A | ||
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0 | |||||
CVE-2024-6376 | 1 Mongodb | 1 Compass | 2024-07-03 | N/A | 9.8 CRITICAL |
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2 | |||||
CVE-2024-3841 | 2024-07-03 | N/A | 7.6 HIGH | ||
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium) | |||||
CVE-2024-37794 | 2024-07-03 | N/A | 7.5 HIGH | ||
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. | |||||
CVE-2024-36471 | 2024-07-03 | N/A | 7.5 HIGH | ||
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file. | |||||
CVE-2024-36053 | 2024-07-03 | N/A | 9.0 CRITICAL | ||
In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file. | |||||
CVE-2024-33996 | 2024-07-03 | N/A | 6.2 MEDIUM | ||
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | |||||
CVE-2024-33792 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
CVE-2024-32371 | 2024-07-03 | N/A | 7.5 HIGH | ||
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | |||||
CVE-2024-31965 | 2024-07-03 | N/A | 4.2 MEDIUM | ||
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information. | |||||
CVE-2024-31865 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | |||||
CVE-2024-31860 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | |||||
CVE-2024-31841 | 2024-07-03 | N/A | 7.5 HIGH | ||
An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. | |||||
CVE-2024-2257 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats. |