Total
29277 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-20194 | 1 Strategy11 | 1 Formidable Form Builder | 2024-10-30 | N/A | 5.3 MEDIUM |
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. | |||||
CVE-2024-6999 | 1 Google | 1 Chrome | 2024-10-30 | N/A | 4.3 MEDIUM |
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-6610 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-10-30 | N/A | 4.3 MEDIUM |
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
CVE-2024-44228 | 1 Apple | 1 Xcode | 2024-10-30 | N/A | 7.5 HIGH |
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | |||||
CVE-2024-42677 | 1 Isellerpal | 1 Enterprise Resource Management System | 2024-10-30 | N/A | 5.5 MEDIUM |
An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component | |||||
CVE-2024-32498 | 1 Openstack | 3 Cinder, Glance, Nova | 2024-10-30 | N/A | 6.5 MEDIUM |
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. | |||||
CVE-2024-25728 | 1 Expressvpn | 1 Expressvpn | 2024-10-30 | N/A | 7.5 HIGH |
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users. | |||||
CVE-2024-25360 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2024-10-30 | N/A | 5.3 MEDIUM |
A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. | |||||
CVE-2024-23282 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization. | |||||
CVE-2024-23273 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2024-10-30 | N/A | 4.3 MEDIUM |
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication. | |||||
CVE-2023-52428 | 1 Connect2id | 1 Nimbus Jose\+jwt | 2024-10-30 | N/A | 7.5 HIGH |
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. | |||||
CVE-2023-31824 | 1 Dericia | 1 Delicia | 2024-10-30 | N/A | 7.5 HIGH |
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function. | |||||
CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2024-10-30 | N/A | 5.3 MEDIUM |
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window. | |||||
CVE-2024-44460 | 1 Emqx | 1 Nanomq | 2024-10-30 | N/A | 7.5 HIGH |
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). | |||||
CVE-2024-44287 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
CVE-2024-44265 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 2.4 LOW |
The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device. | |||||
CVE-2024-44253 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | |||||
CVE-2024-44213 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.9 MEDIUM |
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
CVE-2024-44208 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 7.5 HIGH |
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences. | |||||
CVE-2024-44156 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 7.1 HIGH |
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. |