Total: 31934 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42846 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-09-11 | N/A | 5.3 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address. | |||||
| CVE-2024-7480 | 1 Avaya | 1 Aura System Manager | 2024-09-11 | N/A | 4.4 MEDIUM |
| An improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | |||||
| CVE-2024-5486 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-09-11 | N/A | 4.9 MEDIUM |
| A vulnerability exists in ClearPass Policy Manager that allows an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | |||||
| CVE-2024-27267 | 1 Ibm | 1 Java Sdk | 2024-09-11 | N/A | 5.9 MEDIUM |
| The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573. | |||||
| CVE-2023-41721 | 1 Ui | 6 Unifi Dream Machine, Unifi Dream Machine Pro, Unifi Dream Machine Special Edition and 3 more | 2024-09-10 | N/A | 5.3 MEDIUM |
| Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM, UDM-PRO, UDM-SE, UDR, UDW. Mitigation: Update UniFi Network to Version 7.5.187 or later. | |||||
| CVE-2023-40445 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-10 | N/A | 7.5 HIGH |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock. | |||||
| CVE-2023-40408 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | N/A | 5.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. | |||||
| CVE-2023-42490 | 1 Busbaer | 1 Eisbaer Scada | 2024-09-10 | N/A | 7.5 HIGH |
| EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||||
| CVE-2024-21303 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-09-10 | N/A | 8.8 HIGH |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
| CVE-2023-39726 | 1 Mintty Project | 1 Mintty | 2024-09-10 | N/A | 9.8 CRITICAL |
| An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. | |||||
| CVE-2023-33558 | 1 Ocomon Project | 1 Ocomon | 2024-09-10 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. | |||||
| CVE-2023-44156 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-10 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2024-3297 | 1 Csa-iot | 1 Matter | 2024-09-10 | N/A | 6.5 MEDIUM |
| An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1, allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled. | |||||
| CVE-2024-3454 | 1 Csa-iot | 1 Matter | 2024-09-10 | N/A | 3.5 LOW |
| An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices that are part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | |||||
| CVE-2023-41988 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | N/A | 6.8 MEDIUM |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
| CVE-2024-6089 | 1 Rockwellautomation | 2 5015-aenftxt, 5015-aenftxt Firmware | 2024-09-10 | N/A | 7.5 HIGH |
| An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. | |||||
| CVE-2024-6504 | 1 Rapid7 | 1 Insightvm | 2024-09-10 | N/A | 5.3 MEDIUM |
| Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe to the Console's port 443, causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261. | |||||
| CVE-2023-47101 | 1 Securepoint | 1 Openvpn-client | 2024-09-09 | N/A | 7.8 HIGH |
| The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. | |||||
| CVE-2023-45956 | 1 Govee | 2 Led Strip, Led Strip Firmware | 2024-09-09 | N/A | 7.5 HIGH |
| An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. | |||||
| CVE-2023-40130 | 1 Google | 1 Android | 2024-09-09 | N/A | 7.8 HIGH |
| In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
