Total
258583 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-42080 | 1 Linux | 1 Linux Kernel | 2024-07-30 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access. struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME in ib_create_cq(), while if the module exited but forgot to delete this rdma_restrack_entry, it would cause an invalid address access in rdma_restrack_clean() when printing the owner of this rdma_restrack_entry. This code is used to help find one forgotten PD release in one of the ULPs. But it is not needed anymore, so delete it. | |||||
CVE-2024-42081 | 1 Linux | 1 Linux Kernel | 2024-07-30 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_devcoredump: Check NULL before assignments. Assign 'xe_devcoredump_snapshot *' and 'xe_device *' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code. (Ashutosh/Jose) v4 - Drop return check for coredump_to_xe. (Jose/Rodrigo) v5 - Modify misleading commit message. (Matt) | |||||
CVE-2024-41943 | | | 2024-07-30 | N/A | 4.6 MEDIUM |
I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1. | |||||
CVE-2024-41305 | | | 2024-07-30 | N/A | N/A |
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | |||||
CVE-2024-41304 | | | 2024-07-30 | N/A | N/A |
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
CVE-2024-7297 | | | 2024-07-30 | N/A | 8.8 HIGH |
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint. | |||||
CVE-2024-7209 | | | 2024-07-30 | N/A | N/A |
A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to abuse network authorization to spoof the email identity of the sender. | |||||
CVE-2024-7208 | | | 2024-07-30 | N/A | N/A |
Hosted services do not verify the sender of an email against authenticated users, allowing an attacker to spoof the identity of another user's email address. | |||||
CVE-2024-5486 | | | 2024-07-30 | N/A | 5.8 MEDIUM |
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | |||||
CVE-2024-41944 | | | 2024-07-30 | N/A | 6.5 MEDIUM |
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | |||||
CVE-2024-41916 | | | 2024-07-30 | N/A | 6.8 MEDIUM |
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | |||||
CVE-2024-41915 | | | 2024-07-30 | N/A | 7.2 HIGH |
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | |||||
CVE-2023-38001 | | | 2024-07-30 | N/A | 6.5 MEDIUM |
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206. | |||||
CVE-2023-26289 | | | 2024-07-30 | N/A | 5.4 MEDIUM |
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478. | |||||
CVE-2023-26288 | | | 2024-07-30 | N/A | 5.5 MEDIUM |
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477. | |||||
CVE-2022-33167 | | | 2024-07-30 | N/A | 3.7 LOW |
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587. | |||||
CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-07-30 | 4.6 MEDIUM | 8.8 HIGH |
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. | |||||
CVE-2024-6904 | 1 Jkev | 1 Record Management System | 2024-07-30 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort2_user.php. The manipulation of the argument qualification leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271929 was assigned to this vulnerability. | |||||
CVE-2024-6905 | 1 Jkev | 1 Record Management System | 2024-07-30 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_info_user.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271930 is the identifier assigned to this vulnerability. | |||||
CVE-2024-6906 | 1 Jkev | 1 Record Management System | 2024-07-30 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file add_leave_non_user.php. The manipulation of the argument LSS leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271931. |