Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 29323 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-40813 1 Apple 3 Ipados, Iphone Os, Watchos 2024-10-29 N/A 4.6 MEDIUM
A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data.
CVE-2024-31842 1 Italtel 1 Embrace 2024-10-29 N/A 8.8 HIGH
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.
CVE-2024-7978 1 Google 1 Chrome 2024-10-29 N/A 4.3 MEDIUM
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-7518 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-10-29 N/A 6.5 MEDIUM
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7004 1 Google 1 Chrome 2024-10-29 N/A 4.3 MEDIUM
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
CVE-2024-6760 1 Freebsd 1 Freebsd 2024-10-29 N/A 7.5 HIGH
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
CVE-2024-40867 1 Apple 2 Ipados, Iphone Os 2024-10-29 N/A 9.6 CRITICAL
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.
CVE-2023-37521 1 Hcltechsw 1 Bigfix Bare Osd Metal Server Webui 2024-10-29 N/A 5.3 MEDIUM
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.
CVE-2023-32261 1 Microfocus 1 Dimensions Cm 2024-10-29 N/A 6.5 MEDIUM
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/
CVE-2023-23437 1 Hihonor 1 Vmall 2024-10-29 N/A 5.5 MEDIUM
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak
CVE-2023-23348 1 Hcltechsw 1 Hcl Launch 2024-10-29 N/A 5.5 MEDIUM
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
CVE-2023-45626 2 Arubanetworks, Hp 2 Arubaos, Instantos 2024-10-29 N/A 7.2 HIGH
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
CVE-2023-41723 1 Veeam 1 One 2024-10-29 N/A 4.3 MEDIUM
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
CVE-2023-35990 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-10-29 N/A 3.3 LOW
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.
CVE-2023-35983 1 Apple 1 Macos 2024-10-29 N/A 5.5 MEDIUM
This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.
CVE-2023-34056 1 Vmware 1 Vcenter Server 2024-10-29 N/A 4.3 MEDIUM
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
CVE-2024-24199 1 Pymumu 1 Smartdns 2024-10-29 N/A 7.5 HIGH
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.
CVE-2024-24198 1 Pymumu 1 Smartdns 2024-10-29 N/A 7.5 HIGH
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.
CVE-2023-35677 1 Google 1 Android 2024-10-29 N/A 5.5 MEDIUM
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-24195 1 Robertdavidgraham 1 Robdns 2024-10-29 N/A 7.5 HIGH
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.