Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21612 | 1 Juniper | 1 Junos Os Evolved | 2024-02-28 | N/A | 7.5 HIGH |
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes, leading to a restart of the Routing Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO. | |||||
CVE-2023-47327 | 1 Silverpeas | 1 Silverpeas | 2024-02-28 | N/A | 4.3 MEDIUM |
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL. | |||||
CVE-2023-39909 | 1 Ericsson | 1 Network Manager | 2024-02-28 | N/A | 8.8 HIGH |
Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | |||||
CVE-2023-28876 | 1 Afian | 1 Filerun | 2024-02-28 | N/A | 4.3 MEDIUM |
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | |||||
CVE-2023-43089 | 1 Dell | 1 Rugged Control Center | 2024-02-28 | N/A | 3.3 LOW |
Dell Rugged Control Center, versions prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. | |||||
CVE-2023-2267 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2024-02-28 | N/A | 5.4 MEDIUM |
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
CVE-2023-48860 | 1 Totolink | 2 N300rt, N300rt Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allowing attackers to bypass front-end security restrictions and execute arbitrary code. | |||||
CVE-2024-20809 | 1 Samsung | 1 Nearby Device Scanning | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data. | |||||
CVE-2023-40092 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-47323 | 1 Silverpeas | 1 Silverpeas | 2024-02-28 | N/A | 7.5 HIGH |
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators. | |||||
CVE-2023-49245 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2022-41659 | 1 Intel | 1 Unison | 2024-02-28 | N/A | 4.4 MEDIUM |
Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2023-42570 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | |||||
CVE-2023-40540 | 1 Intel | 112 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Kit Nuc11phki7c Firmware, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa and 109 more | 2024-02-28 | N/A | 4.4 MEDIUM |
Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2024-22901 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-02-28 | N/A | 9.8 CRITICAL |
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | |||||
CVE-2023-27879 | 1 Intel | 8 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 905p and 5 more | 2024-02-28 | N/A | 4.6 MEDIUM |
Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
CVE-2023-47033 | 1 Multisigwallet Project | 1 Multisigwallet | 2024-02-28 | N/A | 7.5 HIGH |
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | |||||
CVE-2023-6566 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 6.5 MEDIUM |
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | |||||
CVE-2024-21665 | 1 Pimcore | 1 E-commerce Framework | 2024-02-28 | N/A | 4.3 MEDIUM |
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10. | |||||
CVE-2023-5815 | 1 Infornweb | 1 News & Blog Designer Pack | 2024-02-28 | N/A | 9.8 CRITICAL |
The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to the function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE. |