Total: 27847 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-32498 | 1 Openstack | 3 Cinder, Glance, Nova | 2024-07-08 | N/A | 6.5 MEDIUM |
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. | |||||
CVE-2023-52340 | 1 Linux | 1 Linux Kernel | 2024-07-08 | N/A | 7.5 HIGH |
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. | |||||
CVE-2024-37768 | 1 B1ackc4t | 1 14finger | 2024-07-08 | N/A | 9.1 CRITICAL |
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | |||||
CVE-2024-37769 | 1 B1ackc4t | 1 14finger | 2024-07-08 | N/A | 8.8 HIGH |
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. | |||||
CVE-2024-39028 | 1 Seacms | 1 Seacms | 2024-07-08 | N/A | 9.8 CRITICAL |
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | |||||
CVE-2024-6298 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-07-08 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion. This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01. | |||||
CVE-2024-23588 | 1 Hcltech | 1 Nomad Server On Domino | 2024-07-08 | N/A | 6.5 MEDIUM |
HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. | |||||
CVE-2024-25086 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-08 | N/A | 7.8 HIGH |
Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. | |||||
CVE-2023-21237 | 1 Google | 1 Android | 2024-07-08 | N/A | 5.5 MEDIUM |
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-251586912 | |||||
CVE-2019-8761 | 1 Apple | 1 Mac Os X | 2024-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information. | |||||
CVE-2024-2385 | 1 Livemeshelementor | 1 Addons For Elementor | 2024-07-05 | N/A | 8.8 HIGH |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
CVE-2024-34589 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 6.5 MEDIUM |
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34588 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 6.5 MEDIUM |
Improper input validation in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34587 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 6.8 MEDIUM |
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-20899 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 5.5 MEDIUM |
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | |||||
CVE-2024-20898 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 5.5 MEDIUM |
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | |||||
CVE-2024-6426 | 1 Mesbook | 1 Mesbook | 2024-07-05 | N/A | 7.1 HIGH |
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value of the application. | |||||
CVE-2024-39807 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 5.3 MEDIUM |
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels. | |||||
CVE-2024-39353 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 2.7 LOW |
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents. | |||||
CVE-2024-26314 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 7.8 HIGH |
Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. |