Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36537 | 1 Zoom | 1 Rooms | 2024-09-19 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2024-09-19 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | |||||
| CVE-2023-45372 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | N/A | 5.3 MEDIUM |
| An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter). | |||||
| CVE-2023-45370 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | N/A | 5.3 MEDIUM |
| An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | |||||
| CVE-2023-45374 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | N/A | 5.3 MEDIUM |
| An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. | |||||
| CVE-2024-46681 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop. While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood. | |||||
| CVE-2024-46706 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel sometimes boot hang. It is because normal console still is not ready, but runtime suspend is called, so early console putchar will hang in waiting TRDE set in UARTSTAT. The lpuart driver has auto suspend delay set to 3000ms, but during uart_add_one_port, a child device serial ctrl will added and probed with its pm runtime enabled(see serial_ctrl.c). The runtime suspend call path is: device_add |-> bus_probe_device |->device_initial_probe |->__device_attach |-> pm_runtime_get_sync(dev->parent); |-> pm_request_idle(dev); |-> pm_runtime_put(dev->parent); So in the end, before normal console ready, the lpuart get runtime suspended. And earlycon putchar will hang. To address the issue, mark last busy just after pm_runtime_enable, three seconds is long enough to switch from bootconsole to normal console. | |||||
| CVE-2023-45239 | 2 Facebook, Fedoraproject | 2 Tac Plus, Fedora | 2024-09-19 | N/A | 9.8 CRITICAL |
| A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | |||||
| CVE-2024-32859 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-09-19 | N/A | 8.2 HIGH |
| Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
| CVE-2024-6086 | 1 Lunary | 1 Lunary | 2024-09-19 | N/A | 4.3 MEDIUM |
| In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess() is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify organization attributes without proper authorization. | |||||
| CVE-2024-5714 | 1 Lunary | 1 Lunary | 2024-09-19 | N/A | 6.8 MEDIUM |
| In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with escalated privileges, and change members from other organizations to their own or other projects, also with escalated privileges. This vulnerability is due to the backend's failure to validate project identifiers against the current user's organization ID and projects belonging to it, as well as a misconfiguration in attribute naming (`org_id` should be `orgId`) that prevents proper user organization validation. As a result, attackers can cause inconsistencies on the platform for affected users and organizations, including unauthorized privilege escalation. The issue is present in the backend API endpoints for user invitation and modification, specifically in the handling of project IDs in requests. | |||||
| CVE-2023-5365 | 1 Hp | 1 Life | 2024-09-19 | N/A | 9.8 CRITICAL |
| HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | |||||
| CVE-2023-44847 | 1 Seacms | 1 Seacms | 2024-09-19 | N/A | 7.2 HIGH |
| An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | |||||
| CVE-2023-44846 | 1 Seacms | 1 Seacms | 2024-09-19 | N/A | 8.8 HIGH |
| An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | |||||
| CVE-2024-3305 | 1 Utarit | 1 Soliclub | 2024-09-19 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | |||||
| CVE-2023-44118 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-19 | N/A | 9.1 CRITICAL |
| Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality. | |||||
| CVE-2024-6077 | 1 Rockwellautomation | 14 1756-en4, 1756-en4 Firmware, Compact Guardlogix 5380 Sil 2 and 11 more | 2024-09-19 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover. | |||||
| CVE-2023-43583 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2024-09-19 | N/A | 4.9 MEDIUM |
| Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. | |||||
| CVE-2024-46702 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another host connected with enabled paths we hang in tearing them down. This is due to fact that the Thunderbolt networking driver also tries to cleanup the paths and ends up blocking in tb_disconnect_xdomain_paths() waiting for the domain lock. However, at this point we already cleaned the paths in tb_stop() so there is really no need for tb_disconnect_xdomain_paths() to do that anymore. Furthermore it already checks if the XDomain is unplugged and bails out early so take advantage of that and mark the XDomain as unplugged when we remove the parent router. | |||||
| CVE-2024-46703 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" This reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940. Kevin reported that this causes a crash during suspend on platforms that don't use PM domains. | |||||
