Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 29277 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-20194 1 Strategy11 1 Formidable Form Builder 2024-10-30 N/A 5.3 MEDIUM
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.
CVE-2024-6999 1 Google 1 Chrome 2024-10-30 N/A 4.3 MEDIUM
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-6610 1 Mozilla 2 Firefox, Thunderbird 2024-10-30 N/A 4.3 MEDIUM
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-44228 1 Apple 1 Xcode 2024-10-30 N/A 7.5 HIGH
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
CVE-2024-42677 1 Isellerpal 1 Enterprise Resource Management System 2024-10-30 N/A 5.5 MEDIUM
An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component
CVE-2024-32498 1 Openstack 3 Cinder, Glance, Nova 2024-10-30 N/A 6.5 MEDIUM
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
CVE-2024-25728 1 Expressvpn 1 Expressvpn 2024-10-30 N/A 7.5 HIGH
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.
CVE-2024-25360 1 Motorola 2 Cx2l, Cx2l Firmware 2024-10-30 N/A 5.3 MEDIUM
A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.
CVE-2024-23282 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-10-30 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.
CVE-2024-23273 1 Apple 4 Ipad Os, Iphone Os, Macos and 1 more 2024-10-30 N/A 4.3 MEDIUM
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
CVE-2023-52428 1 Connect2id 1 Nimbus Jose\+jwt 2024-10-30 N/A 7.5 HIGH
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
CVE-2023-31824 1 Dericia 1 Delicia 2024-10-30 N/A 7.5 HIGH
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
CVE-2024-45244 1 Hyperledger 1 Fabric 2024-10-30 N/A 5.3 MEDIUM
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.
CVE-2024-44460 1 Emqx 1 Nanomq 2024-10-30 N/A 7.5 HIGH
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
CVE-2024-44287 1 Apple 1 Macos 2024-10-30 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system.
CVE-2024-44265 1 Apple 1 Macos 2024-10-30 N/A 2.4 LOW
The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device.
CVE-2024-44253 1 Apple 1 Macos 2024-10-30 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system.
CVE-2024-44213 1 Apple 1 Macos 2024-10-30 N/A 5.9 MEDIUM
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker in a privileged network position may be able to leak sensitive user information.
CVE-2024-44208 1 Apple 1 Macos 2024-10-30 N/A 7.5 HIGH
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences.
CVE-2024-44156 1 Apple 1 Macos 2024-10-30 N/A 7.1 HIGH
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.