Total: 31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46983 | 1 Antfin | 1 Sofa-hessian | 2024-09-25 | N/A | 9.8 CRITICAL |
| sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on the JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist; users can upgrade to sofa-hessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`. | |||||
| CVE-2023-43765 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-09-25 | N/A | 7.5 HIGH |
| Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | |||||
| CVE-2024-45807 | 1 Envoyproxy | 1 Envoy | 2024-09-25 | N/A | 7.5 HIGH |
| Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy 1.31 uses `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this, Envoy will switch off `oghttp2` by default. The impact of this issue is that Envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2024-45752 | 1 Pixlone | 1 Logiops | 2024-09-25 | N/A | 7.3 HIGH |
| logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction. | |||||
| CVE-2023-43762 | 1 Withsecure | 2 F-secure Policy Manager, Policy Manager Proxy | 2024-09-25 | N/A | 9.8 CRITICAL |
| Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. | |||||
| CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2024-09-25 | N/A | 9.8 CRITICAL |
| An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | |||||
| CVE-2023-4020 | 1 Silabs | 1 Gecko Software Development Kit | 2024-09-25 | N/A | 9.1 CRITICAL |
| An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | |||||
| CVE-2020-24089 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-09-25 | N/A | 5.5 MEDIUM |
| An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). | |||||
| CVE-2023-38886 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-09-25 | N/A | 7.2 HIGH |
| An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | |||||
| CVE-2023-39045 | 1 Kokoroe Members Card Project | 1 Kokoroe Members Card | 2024-09-25 | N/A | 6.5 MEDIUM |
| An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39677 | 2 Simpleimportproduct Project, Updateproducts Project | 2 Simpleimportproduct, Updateproducts | 2024-09-25 | N/A | 7.5 HIGH |
| MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. | |||||
| CVE-2023-37263 | 1 Strapi | 1 Strapi | 2024-09-25 | N/A | 2.7 LOW |
| Strapi is an open-source headless content management system. Prior to version 4.12.1, field-level permissions are not respected in the relationship title. If an actor has a relationship title and the relationship shows a field they do not have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. | |||||
| CVE-2023-43766 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-09-25 | N/A | 7.8 HIGH |
| Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | |||||
| CVE-2023-43767 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-09-25 | N/A | 7.5 HIGH |
| Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | |||||
| CVE-2023-41311 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 5.3 MEDIUM |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | |||||
| CVE-2023-43617 | 1 Schollz | 1 Croc | 2024-09-25 | N/A | 5.3 MEDIUM |
| An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. | |||||
| CVE-2023-44169 | 1 Seacms | 1 Seacms | 2024-09-25 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | |||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-09-25 | N/A | 9.8 CRITICAL |
| SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | |||||
| CVE-2023-41308 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 7.5 HIGH |
| Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-43323 | 1 Moosocial | 1 Moosocial | 2024-09-25 | N/A | 6.5 MEDIUM |
| mooSocial 3.1.8 is vulnerable to external service interaction in the post function. When executed, the server sends an HTTP and a DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | |||||
