Total: 255441 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-2155 | | | 2024-06-28 | 4.3 Medium |
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587. | ||||
CVE-2023-46708 | | | 2024-06-28 | 4.3 Medium |
OpenHarmony v3.2.4 and prior versions allow a local attacker to achieve arbitrary code execution in any app through a use after free. | ||||
CVE-2024-37137 | | | 2024-06-28 | 3.8 Low |
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure. | ||||
CVE-2023-33078 | | | 2024-06-28 | 5.1 Medium |
Information Disclosure while processing IOCTL request in FastRPC. | ||||
CVE-2023-33090 | | | 2024-06-28 | 5.5 Medium |
Transient DOS while processing channel information for speaker protection v2 module in ADSP. | ||||
CVE-2023-6068 | | | 2024-06-28 | 3.1 Low |
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some | ||||
CVE-2024-2168 | | | 2024-06-28 | 4.7 Medium |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_category.php of the component HTTP POST Request Handler. The manipulation of the argument status leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255678 is the identifier assigned to this vulnerability. | ||||
CVE-2024-22276 | | | 2024-06-28 | 5.3 Medium |
VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged. | ||||
CVE-2024-39708 | | | 2024-06-27 | 7 High |
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. | ||||
CVE-2024-6071 | | | 2024-06-27 | 10.0 Critical |
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. | ||||
CVE-2016-20022 | | | 2024-06-27 | N/A |
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier. | ||||
CVE-2024-36059 | | | 2024-06-27 | N/A |
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol. | ||||
CVE-2023-52892 | | | 2024-06-27 | N/A |
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification. | ||||
CVE-2022-4968 | | | 2024-06-27 | 6.5 Medium |
netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. | ||||
CVE-2024-39209 | | | 2024-06-27 | N/A |
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. | ||||
CVE-2024-39134 | | | 2024-06-27 | N/A |
A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. | ||||
CVE-2024-39132 | | | 2024-06-27 | N/A |
A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. | ||||
CVE-2024-36755 | | | 2024-06-27 | N/A |
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack. | ||||
CVE-2024-36074 | | | 2024-06-27 | N/A |
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution. | ||||
CVE-2024-36073 | | | 2024-06-27 | N/A |
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or Unify server to overwrite sensitive configuration and subsequently execute system commands with SYSTEM/root privileges on a chosen client endpoint. |