Export limit exceeded: 10237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10237 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1604 | 1 Bmc | 1 Control-m | 2024-11-21 | 6.4 Medium |
| Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. | ||||
| CVE-2024-1329 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.7 High |
| HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14. | ||||
| CVE-2024-1064 | 1 Craftycontrol | 1 Crafty Controller | 2024-11-21 | 7.5 High |
| A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | ||||
| CVE-2024-0953 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | ||||
| CVE-2024-0943 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0942 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0491 | 1 Huaxiaerp | 1 Huaxia Erp | 2024-11-21 | 5.3 Medium |
| A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596. | ||||
| CVE-2024-0319 | 1 Fireeye | 1 Hxtool | 2024-11-21 | 5.4 Medium |
| Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | ||||
| CVE-2024-0313 | 1 Skyhighsecurity | 1 Client Proxy | 2024-11-21 | 5.5 Medium |
| A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail. | ||||
| CVE-2024-0312 | 2024-11-21 | 5.5 Medium | ||
| A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. | ||||
| CVE-2024-0311 | 2024-11-21 | 5.5 Medium | ||
| A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. | ||||
| CVE-2024-0089 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering. | ||||
| CVE-2023-7031 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 5.7 Medium |
| Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | ||||
| CVE-2023-6983 | 1 Josevega | 1 Display Custom Fields In The Frontend - Post And User Profile Fields | 2024-11-21 | 4.3 Medium |
| The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta. | ||||
| CVE-2023-6836 | 1 Wso2 | 7 Api Manager, Api Manager Analytics, Api Microgateway and 4 more | 2024-11-21 | 4.6 Medium |
| Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | ||||
| CVE-2023-6721 | 1 Europeana | 1 Repox | 2024-11-21 | 8.3 High |
| An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system. | ||||
| CVE-2023-6545 | 1 Beckhoff | 2 Authelia-bhf, Twincat\/bsd | 2024-11-21 | 4.7 Medium |
| The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia. | ||||
| CVE-2023-6380 | 1 Alkacon | 1 Opencms | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter. | ||||
| CVE-2023-6341 | 1 Catalisgov | 1 Cms360 | 2024-11-21 | 5.3 Medium |
| Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. | ||||
| CVE-2023-6280 | 1 52north | 1 Wps | 2024-11-21 | 7.2 High |
| An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. | ||||