Total
266891 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-48231 | | | 2024-10-21 | N/A | 7.2 HIGH |
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php. | |||||
CVE-2023-4050 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-10-21 | N/A | 7.5 HIGH |
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
CVE-2023-4049 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-10-21 | N/A | 5.9 MEDIUM |
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
CVE-2023-4048 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-10-21 | N/A | 7.5 HIGH |
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
CVE-2023-4045 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-10-21 | N/A | 5.3 MEDIUM |
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
CVE-2023-4056 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-10-21 | N/A | 9.8 CRITICAL |
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
CVE-2023-4054 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-10-21 | N/A | 5.5 MEDIUM |
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. | |||||
CVE-2024-45271 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2024-10-21 | N/A | 7.8 HIGH |
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | |||||
CVE-2023-38960 | 1 Raidenftpd | 1 Raidenftpd | 2024-10-21 | N/A | 7.3 HIGH |
Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory. | |||||
CVE-2023-6152 | 1 Grafana | 1 Grafana | 2024-10-21 | N/A | 5.4 MEDIUM |
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will validate email only on sign up. | |||||
CVE-2024-7994 | 1 Autodesk | 1 Revit | 2024-10-21 | N/A | 7.8 HIGH |
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
CVE-2024-45944 | | | 2024-10-21 | N/A | 9.8 CRITICAL |
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. | |||||
CVE-2024-29821 | | | 2024-10-21 | N/A | 7.8 HIGH |
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | |||||
CVE-2024-29213 | | | 2024-10-21 | N/A | 7.8 HIGH |
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | |||||
CVE-2023-32812 | 4 Google, Linuxfoundation, Mediatek and 1 more | 39 Android, Yocto, Mt2713 and 36 more | 2024-10-21 | N/A | 6.7 MEDIUM |
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365. | |||||
CVE-2023-32806 | 4 Google, Linuxfoundation, Mediatek and 1 more | 33 Android, Yocto, Iot Yocto and 30 more | 2024-10-21 | N/A | 6.7 MEDIUM |
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589. | |||||
CVE-2023-20848 | 4 Google, Linux, Linuxfoundation and 1 more | 12 Android, Linux Kernel, Yocto and 9 more | 2024-10-21 | N/A | 6.5 MEDIUM |
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433. | |||||
CVE-2023-20842 | 4 Google, Linux, Linuxfoundation and 1 more | 12 Android, Linux Kernel, Yocto and 9 more | 2024-10-21 | N/A | 6.5 MEDIUM |
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477. | |||||
CVE-2023-20841 | 4 Google, Linux, Linuxfoundation and 1 more | 12 Android, Linux Kernel, Yocto and 9 more | 2024-10-21 | N/A | 6.5 MEDIUM |
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441. | |||||
CVE-2023-20840 | 4 Google, Linux, Linuxfoundation and 1 more | 10 Android, Linux Kernel, Yocto and 7 more | 2024-10-21 | N/A | 6.5 MEDIUM |
In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430. |