Total
34408 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0396 | 1 Progress | 1 Moveit Transfer | 2024-11-21 | 7.1 High |
| In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service. | ||||
| CVE-2024-0305 | 1 Ncast Project | 1 Ncast | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872. | ||||
| CVE-2024-0242 | 1 Johnsoncontrols | 4 Qolsys Iq4 Hub, Qolsys Iq4 Hub Firmware, Qolsys Iq Panel 4 and 1 more | 2024-11-21 | 7.3 High |
| Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | ||||
| CVE-2024-0093 | 5 Canonical, Citrix, Nvidia and 2 more | 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more | 2024-11-21 | 6.5 Medium |
| NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2024-0092 | 6 Canonical, Citrix, Microsoft and 3 more | 14 Ubuntu Linux, Hypervisor, Azure Stack Hci and 11 more | 2024-11-21 | 5.5 Medium |
| NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. | ||||
| CVE-2023-7271 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.5 Medium |
| Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-11-21 | 5 Medium |
| Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | ||||
| CVE-2023-7163 | 1 Dlink | 1 D-view 8 | 2024-11-21 | 10 Critical |
| A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes. | ||||
| CVE-2023-7080 | 1 Cloudflare | 1 Wrangler | 2024-11-21 | 8.5 High |
| The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. | ||||
| CVE-2023-7047 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 4.4 Medium |
| Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. | ||||
| CVE-2023-6998 | 1 Coolkit | 1 Ewelink | 2024-11-21 | 7.7 High |
| Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. | ||||
| CVE-2023-6910 | 1 M-files | 1 M-files Server | 2024-11-21 | 6.5 Medium |
| A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. | ||||
| CVE-2023-6871 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. | ||||
| CVE-2023-6759 | 1 Thecosy | 1 Icecms | 2024-11-21 | 5.3 Medium |
| A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887. | ||||
| CVE-2023-6750 | 1 Backupbliss | 1 Clone | 2024-11-21 | 7.5 High |
| The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path. | ||||
| CVE-2023-6615 | 1 Typecho | 1 Typecho | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6588 | 1 Devolutions | 1 Workspace | 2024-11-21 | 6.5 Medium |
| Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline. | ||||
| CVE-2023-6573 | 1 Hp | 1 Oneview | 2024-11-21 | 5.5 Medium |
| HPE OneView may have a missing passphrase during restore. | ||||
| CVE-2023-6557 | 1 Stellarwp | 1 The Events Calendar | 2024-11-21 | 5.3 Medium |
| The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. | ||||
| CVE-2023-6507 | 1 Python | 1 Python | 2024-11-21 | 6.1 Medium |
| An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | ||||