Total
29323 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40813 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-10-29 | N/A | 4.6 MEDIUM |
A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
CVE-2024-31842 | 1 Italtel | 1 Embrace | 2024-10-29 | N/A | 8.8 HIGH |
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover. | |||||
CVE-2024-7978 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-7518 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-10-29 | N/A | 6.5 MEDIUM |
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||||
CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | |||||
CVE-2024-6760 | 1 Freebsd | 1 Freebsd | 2024-10-29 | N/A | 7.5 HIGH |
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | |||||
CVE-2024-40867 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-29 | N/A | 9.6 CRITICAL |
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | |||||
CVE-2023-37521 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2024-10-29 | N/A | 5.3 MEDIUM |
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. | |||||
CVE-2023-32261 | 1 Microfocus | 1 Dimensions Cm | 2024-10-29 | N/A | 6.5 MEDIUM |
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-10-29 | N/A | 5.5 MEDIUM |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak | |||||
CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2024-10-29 | N/A | 5.5 MEDIUM |
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | |||||
CVE-2023-45626 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-10-29 | N/A | 7.2 HIGH |
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. | |||||
CVE-2023-41723 | 1 Veeam | 1 One | 2024-10-29 | N/A | 4.3 MEDIUM |
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | |||||
CVE-2023-35990 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-10-29 | N/A | 3.3 LOW |
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. | |||||
CVE-2023-35983 | 1 Apple | 1 Macos | 2024-10-29 | N/A | 5.5 MEDIUM |
This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | |||||
CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-10-29 | N/A | 4.3 MEDIUM |
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | |||||
CVE-2024-24199 | 1 Pymumu | 1 Smartdns | 2024-10-29 | N/A | 7.5 HIGH |
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c. | |||||
CVE-2024-24198 | 1 Pymumu | 1 Smartdns | 2024-10-29 | N/A | 7.5 HIGH |
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c. | |||||
CVE-2023-35677 | 1 Google | 1 Android | 2024-10-29 | N/A | 5.5 MEDIUM |
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-24195 | 1 Robertdavidgraham | 1 Robdns | 2024-10-29 | N/A | 7.5 HIGH |
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c. |