Total
1628 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-20466 | 2024-10-31 | N/A | 6.5 MEDIUM | ||
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | |||||
CVE-2024-20420 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | N/A | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user. | |||||
CVE-2024-48936 | 2024-10-30 | N/A | 5.0 MEDIUM | ||
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration. | |||||
CVE-2024-44301 | 2024-10-30 | N/A | 5.5 MEDIUM | ||
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
CVE-2024-44287 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
CVE-2024-44253 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | |||||
CVE-2024-44137 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 4.6 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen. | |||||
CVE-2024-40855 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data. | |||||
CVE-2024-44270 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 8.6 HIGH |
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
CVE-2021-26387 | 2024-10-30 | N/A | 3.9 LOW | ||
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. | |||||
CVE-2024-47172 | 1 Cvat | 1 Computer Vision Annotation Tool | 2024-10-30 | N/A | 5.4 MEDIUM |
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue. | |||||
CVE-2024-44247 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
CVE-2024-44289 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 7.5 HIGH |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information. | |||||
CVE-2024-38002 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-10-30 | N/A | 8.8 HIGH |
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API. | |||||
CVE-2024-31842 | 1 Italtel | 1 Embrace | 2024-10-29 | N/A | 8.8 HIGH |
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover. | |||||
CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | |||||
CVE-2023-25189 | 2024-10-29 | N/A | 3.3 LOW | ||
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH. | |||||
CVE-2024-41617 | 2024-10-29 | N/A | 9.8 CRITICAL | ||
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution. | |||||
CVE-2024-44667 | 2024-10-29 | N/A | 8.0 HIGH | ||
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. | |||||
CVE-2024-9825 | 2024-10-29 | N/A | 5.4 MEDIUM | ||
The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the vulnerability was specifically due to builder-api habitat package. The fix was made available in habitat/builder-api/10315/20240913162802 and all the subsequent versions after that. We would recommend user to always use on-prem stable channel. |