Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47867 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-08-02 | N/A | 8.8 HIGH |
| MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device. | |||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-08-02 | N/A | 5.3 MEDIUM |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | |||||
| CVE-2023-36631 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-08-02 | N/A | 7.8 HIGH |
| Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password." | |||||
| CVE-2024-42156 | 1 Linux | 1 Linux Kernel | 2024-08-02 | N/A | 4.1 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. | |||||
| CVE-2024-42157 | 1 Linux | 1 Linux Kernel | 2024-08-02 | N/A | 4.1 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. | |||||
| CVE-2023-25399 | 1 Scipy | 1 Scipy | 2024-08-02 | N/A | 5.5 MEDIUM |
| A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly. | |||||
| CVE-2023-23128 | 1 Connectwise | 1 Connectwise | 2024-08-02 | N/A | 6.1 MEDIUM |
| Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. | |||||
| CVE-2023-4039 | 1 Gnu | 1 Gcc | 2024-08-02 | N/A | 4.8 MEDIUM |
| **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. | |||||
| CVE-2024-22362 | 1 Drupal | 1 Drupal | 2024-08-01 | N/A | 7.5 HIGH |
| Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. | |||||
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2024-08-01 | 7.2 HIGH | 8.4 HIGH |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. | |||||
| CVE-1999-0066 | 1 John S. Roberts | 1 Anyform | 2024-08-01 | 7.5 HIGH | 9.8 CRITICAL |
| AnyForm CGI remote execution. | |||||
| CVE-1999-0059 | 1 Sgi | 1 Irix | 2024-08-01 | 7.1 HIGH | 7.3 HIGH |
| IRIX fam service allows an attacker to obtain a list of all files on the server. | |||||
| CVE-1999-0052 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2024-08-01 | 5.0 MEDIUM | 7.5 HIGH |
| IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. | |||||
| CVE-1999-0069 | 1 Sun | 1 Sunos | 2024-08-01 | 7.2 HIGH | 8.4 HIGH |
| Solaris ufsrestore buffer overflow. | |||||
| CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2024-08-01 | 10.0 HIGH | 9.8 CRITICAL |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | |||||
| CVE-1999-0036 | 1 Sgi | 1 Irix | 2024-08-01 | 7.2 HIGH | 8.4 HIGH |
| IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. | |||||
| CVE-1999-0029 | 1 Sgi | 1 Irix | 2024-08-01 | 7.2 HIGH | 8.4 HIGH |
| root privileges via buffer overflow in ordist command on SGI IRIX systems. | |||||
| CVE-1999-0022 | 6 Bsdi, Freebsd, Hp and 3 more | 7 Bsd Os, Freebsd, Hp-ux and 4 more | 2024-08-01 | 7.2 HIGH | 7.8 HIGH |
| Local user gains root privileges via buffer overflow in rdist, via expstr() function. | |||||
| CVE-1999-1588 | 1 Sun | 1 Solaris | 2024-08-01 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. | |||||
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2024-08-01 | 7.5 HIGH | 8.4 HIGH |
| Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | |||||