Total
27847 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1175 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-07-03 | 4.6 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the psmsrv.dll properly handles objects in memory. | |||||
| CVE-2019-1174 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-07-03 | 4.6 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory. | |||||
| CVE-2019-1162 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-07-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC. | |||||
| CVE-2019-1157 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-07-03 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | |||||
| CVE-2019-19750 | 1 Minerstat | 1 Msos | 2024-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. | |||||
| CVE-2019-1010023 | 1 Gnu | 1 Glibc | 2024-07-03 | 6.8 MEDIUM | 5.4 MEDIUM |
| GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | |||||
| CVE-2018-19093 | 1 Mz-automation | 1 Libiec61850 | 2024-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program | |||||
| CVE-2017-9856 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2024-07-03 | 5.0 MEDIUM | 3.4 LOW |
| An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
| CVE-2017-9855 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2024-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
| CVE-2017-8459 | 1 Brave | 1 Brave | 2024-07-03 | 4.3 MEDIUM | 5.3 MEDIUM |
| Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results | |||||
| CVE-2017-3506 | 1 Oracle | 1 Weblogic Server | 2024-07-03 | 5.8 MEDIUM | 7.4 HIGH |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2014-0808 | 1 Lockon | 1 Ec-cube | 2024-07-03 | 5.0 MEDIUM | 9.1 CRITICAL |
| Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. | |||||
| CVE-2021-45364 | 1 Statamic | 1 Statamic | 2024-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product | |||||
| CVE-2023-5038 | 1 Hanwhavision | 366 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 363 more | 2024-07-02 | N/A | 7.5 HIGH |
| badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | |||||
| CVE-2024-6099 | 1 Thimpress | 1 Learnpress | 2024-07-02 | N/A | 5.3 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | |||||
| CVE-2024-34600 | 1 Samsung | 1 Flow | 2024-07-02 | N/A | 3.3 LOW |
| Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. | |||||
| CVE-2024-34599 | 2 Google, Samsung | 2 Android, Tips | 2024-07-02 | N/A | 3.3 LOW |
| Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege. | |||||
| CVE-2024-34597 | 1 Samsung | 1 Health | 2024-07-02 | N/A | 3.3 LOW |
| Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability. | |||||
| CVE-2024-34594 | 1 Samsung | 1 Android | 2024-07-02 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address. | |||||
| CVE-2024-34593 | 1 Samsung | 1 Android | 2024-07-02 | N/A | 8.8 HIGH |
| Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||||