Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40851 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-30 | N/A | 2.4 LOW |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen. | |||||
| CVE-2024-44297 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2024-10-30 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service. | |||||
| CVE-2024-10290 | 1 Zzcms | 1 Zzcms | 2024-10-30 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-28020 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-10-30 | N/A | 8.0 HIGH |
| A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services. | |||||
| CVE-2024-7763 | 1 Progress | 1 Whatsup Gold | 2024-10-30 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | |||||
| CVE-2024-40813 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-10-29 | N/A | 4.6 MEDIUM |
| A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
| CVE-2024-44294 | 1 Apple | 1 Macos | 2024-10-29 | N/A | 6.5 MEDIUM |
| A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files. | |||||
| CVE-2024-40832 | 1 Apple | 1 Macos | 2024-10-29 | N/A | 3.3 LOW |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs. | |||||
| CVE-2024-31842 | 1 Italtel | 1 Embrace | 2024-10-29 | N/A | 8.8 HIGH |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover. | |||||
| CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2024-10-29 | N/A | 5.5 MEDIUM |
| HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | |||||
| CVE-2024-40867 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-29 | N/A | 9.6 CRITICAL |
| A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | |||||
| CVE-2024-7978 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | |||||
| CVE-2024-6760 | 1 Freebsd | 1 Freebsd | 2024-10-29 | N/A | 7.5 HIGH |
| A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | |||||
| CVE-2024-7518 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-10-29 | N/A | 6.5 MEDIUM |
| Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||||
| CVE-2023-32261 | 1 Microfocus | 1 Dimensions Cm | 2024-10-29 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-37521 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2024-10-29 | N/A | 5.3 MEDIUM |
| HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. | |||||
| CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-10-29 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak | |||||
| CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-10-29 | N/A | 4.3 MEDIUM |
| vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | |||||
| CVE-2023-45626 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-10-29 | N/A | 7.2 HIGH |
| An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. | |||||