Total
29323 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2024-10-30 | N/A | 5.3 MEDIUM |
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window. | |||||
CVE-2024-44460 | 1 Emqx | 1 Nanomq | 2024-10-30 | N/A | 7.5 HIGH |
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). | |||||
CVE-2024-44287 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
CVE-2024-44265 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 2.4 LOW |
The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device. | |||||
CVE-2024-44253 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | |||||
CVE-2024-44213 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.9 MEDIUM |
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
CVE-2024-44208 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 7.5 HIGH |
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences. | |||||
CVE-2024-44156 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 7.1 HIGH |
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. | |||||
CVE-2024-44137 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 4.6 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen. | |||||
CVE-2024-40855 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data. | |||||
CVE-2024-38312 | 1 Mozilla | 1 Firefox | 2024-10-30 | N/A | 6.5 MEDIUM |
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127. | |||||
CVE-2024-28067 | 1 Samsung | 2 Exynos Modem 5300, Exynos Modem 5300 Firmware | 2024-10-30 | N/A | 3.7 LOW |
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext. | |||||
CVE-2023-38198 | 1 Acme.sh Project | 1 Acme.sh | 2024-10-30 | N/A | 9.8 CRITICAL |
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. | |||||
CVE-2024-0568 | 1 Se | 4 Renf22r2mmw, Renf22r2mmw Firmware, Rmnf22tb30 and 1 more | 2024-10-30 | N/A | 8.8 HIGH |
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | |||||
CVE-2024-44270 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 8.6 HIGH |
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
CVE-2024-44269 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-10-30 | N/A | 5.5 MEDIUM |
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files. | |||||
CVE-2024-44267 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
CVE-2024-50312 | 1 Redhat | 1 Openshift Container Platform | 2024-10-30 | N/A | 5.3 MEDIUM |
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation. | |||||
CVE-2024-9399 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-10-30 | N/A | 7.5 HIGH |
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
CVE-2024-9398 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-10-30 | N/A | 5.3 MEDIUM |
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. |