Total
341 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25188 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | N/A | 5.1 MEDIUM |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. | |||||
| CVE-2024-0009 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | N/A | 6.3 MEDIUM |
| An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. | |||||
| CVE-2022-46718 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-05 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information | |||||
| CVE-2022-42860 | 1 Apple | 1 Macos | 2024-12-05 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system | |||||
| CVE-2023-28191 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-45495 | 2024-12-04 | N/A | 4.3 MEDIUM | ||
| MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. | |||||
| CVE-2023-32553 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 5.3 MEDIUM |
| An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | |||||
| CVE-2023-32223 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2024-11-27 | N/A | 8.8 HIGH |
| D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. | |||||
| CVE-2021-47157 | 2024-11-25 | N/A | 9.8 CRITICAL | ||
| The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. | |||||
| CVE-2024-50654 | 1 Pickmall | 1 Lilishop | 2024-11-21 | N/A | 7.5 HIGH |
| lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency. | |||||
| CVE-2024-6301 | 1 Conduit | 1 Conduit | 2024-11-21 | N/A | 5.3 MEDIUM |
| Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs | |||||
| CVE-2024-5905 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | N/A | 4.4 MEDIUM |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability. | |||||
| CVE-2024-5549 | 2024-11-21 | N/A | 8.1 HIGH | ||
| A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleting projects or sending messages. The issue arises from the lack of proper origin validation, allowing unauthorized cross-origin requests to be executed. The vulnerability is present in all versions of the repository, as no fixed version has been specified. | |||||
| CVE-2024-36472 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. | |||||
| CVE-2024-36421 | 1 Flowiseai | 1 Flowise | 2024-11-21 | N/A | 7.5 HIGH |
| Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arbitrary origins may be able to make requests to Flowise, stealing information from the user. This CORS misconfiguration may be chained with the path injection to allow an attacker attackers without access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available. | |||||
| CVE-2024-36302 | 2024-11-21 | N/A | 7.8 HIGH | ||
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36303. | |||||
| CVE-2024-32764 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later | |||||
| CVE-2024-2377 | 2024-11-21 | N/A | 7.6 HIGH | ||
| A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information. | |||||
| CVE-2024-28883 | 2024-11-21 | N/A | 7.4 HIGH | ||
| An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-24782 | 1 Hima | 26 F-com 01, F-com 01 Firmware, F-cpu 01 and 23 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. | |||||