Total
29614 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41173 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | N/A | 7.8 HIGH |
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. | |||||
CVE-2022-4529 | 1 Msoftplugins | 1 Security Antivirus Firewall | 2024-09-12 | N/A | 5.3 MEDIUM |
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. | |||||
CVE-2023-50315 | 1 Ibm | 1 Websphere Application Server | 2024-09-11 | N/A | 5.9 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. | |||||
CVE-2024-38886 | 1 Horizoncloud | 1 Caterease | 2024-09-10 | N/A | 9.8 CRITICAL |
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. | |||||
CVE-2024-7569 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | N/A | 9.8 CRITICAL |
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | |||||
CVE-2024-42257 | 1 Linux | 1 Linux Kernel | 2024-09-06 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name is not NUL terminated. The other strings were marked in commit 072ebb3bffe6 ("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn't the right replacement for strncpy(); it should use memtostr_pad() instead. | |||||
CVE-2024-45392 | 1 Salesagility | 1 Suitecrm | 2024-09-06 | N/A | 4.3 MEDIUM |
SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. | |||||
CVE-2024-45096 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 6.5 MEDIUM |
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | |||||
CVE-2024-36068 | 1 Rubrik | 1 Cloud Data Management | 2024-09-05 | N/A | 9.8 CRITICAL |
An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | |||||
CVE-2024-34637 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background. | |||||
CVE-2024-34640 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 3.3 LOW |
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. | |||||
CVE-2024-34643 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34644 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34646 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM |
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. | |||||
CVE-2024-34649 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 2.4 LOW |
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. | |||||
CVE-2024-38482 | 1 Dell | 1 Cloudlink | 2024-09-05 | N/A | 7.2 HIGH |
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database. | |||||
CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | N/A | 9.8 CRITICAL |
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | |||||
CVE-2024-45587 | 1 Symphonyfintech | 2 Xts Mobile Trader, Xts Web Trader | 2024-09-04 | N/A | 8.8 HIGH |
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts. | |||||
CVE-2024-45586 | 1 Symphonyfintech | 2 Xts Mobile Trader, Xts Web Trader | 2024-09-04 | N/A | 8.8 HIGH |
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users. | |||||
CVE-2024-41518 | 1 Mecodia | 1 Feripro | 2024-09-03 | N/A | 7.5 HIGH |
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants. |