Total
29474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36664 | 3 Artifex, Debian, Fedoraproject | 3 Ghostscript, Debian Linux, Fedora | 2024-12-05 | N/A | 7.8 HIGH |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | |||||
| CVE-2023-34672 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-12-05 | N/A | 8.8 HIGH |
| Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | |||||
| CVE-2021-30205 | 1 Dzzoffice | 1 Dzzoffice | 2024-12-05 | N/A | 5.3 MEDIUM |
| Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | |||||
| CVE-2023-32553 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 5.3 MEDIUM |
| An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | |||||
| CVE-2023-32552 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 5.3 MEDIUM |
| An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 | |||||
| CVE-2023-32528 | 1 Trendmicro | 1 Mobile Security | 2024-12-04 | N/A | 8.8 HIGH |
| Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527. | |||||
| CVE-2023-32527 | 1 Trendmicro | 1 Mobile Security | 2024-12-04 | N/A | 8.8 HIGH |
| Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528. | |||||
| CVE-2024-0638 | 1 Checkmk | 1 Checkmk | 2024-12-04 | N/A | 8.2 HIGH |
| Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | |||||
| CVE-2024-1742 | 1 Checkmk | 1 Checkmk | 2024-12-04 | N/A | 3.8 LOW |
| Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. | |||||
| CVE-2024-28824 | 1 Checkmk | 1 Checkmk | 2024-12-04 | N/A | 8.8 HIGH |
| Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | |||||
| CVE-2023-32622 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-12-04 | N/A | 7.2 HIGH |
| Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | |||||
| CVE-2023-27199 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-12-04 | N/A | 6.7 MEDIUM |
| PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. | |||||
| CVE-2023-29459 | 1 Redbull | 1 Fc Red Bull Salzburg | 2024-12-03 | N/A | 6.1 MEDIUM |
| The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation. | |||||
| CVE-2024-28829 | 1 Checkmk | 1 Checkmk | 2024-12-03 | N/A | 7.8 HIGH |
| Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. | |||||
| CVE-2024-38863 | 1 Checkmk | 1 Checkmk | 2024-12-03 | N/A | 7.5 HIGH |
| Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | |||||
| CVE-2021-20784 | 1 Voidtools | 1 Everything | 2024-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product. | |||||
| CVE-2024-27198 | 1 Jetbrains | 1 Teamcity | 2024-11-29 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible | |||||
| CVE-2024-6197 | 1 Haxx | 1 Libcurl | 2024-11-29 | N/A | 7.5 HIGH |
| libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. | |||||
| CVE-2023-37300 | 1 Mediawiki | 1 Mediawiki | 2024-11-27 | N/A | 5.3 MEDIUM |
| An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. | |||||
| CVE-2024-4879 | 1 Servicenow | 1 Servicenow | 2024-11-27 | N/A | 9.8 CRITICAL |
| ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | |||||