Patch Tuesday — February 2024

2024-02-13 · 594 CVEs

CVEs published or modified the week of 2024-02-13, partitioned by vendor.

Microsoft (89 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2024-20738 | Critical | 9.8 |  | 2024-02-15 | Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass.
CVE-2024-21413 | Critical | 9.8 | KEV | 2024-02-13 | Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21410 | Critical | 9.8 | KEV | 2024-02-13 | Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2024-21401 | Critical | 9.8 |  | 2024-02-13 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
CVE-2024-25110 | Critical | 9.8 |  | 2024-02-12 | The UAMQP is a general purpose C library for AMQP 1.0.
CVE-2024-21364 | Critical | 9.3 |  | 2024-02-13 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2024-21403 | Critical | 9.0 |  | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21376 | Critical | 9.0 |  | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
CVE-2024-21420 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21391 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21378 | High | 8.8 |  | 2024-02-13 | Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21375 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21372 | High | 8.8 |  | 2024-02-13 | Windows OLE Remote Code Execution Vulnerability
CVE-2024-21370 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21369 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21368 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21367 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21366 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21365 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21361 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21360 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21359 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21358 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21353 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21352 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21350 | High | 8.8 |  | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21349 | High | 8.8 |  | 2024-02-13 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVE-2024-21345 | High | 8.8 |  | 2024-02-13 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21395 | High | 8.2 |  | 2024-02-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21412 | High | 8.1 | KEV | 2024-02-13 | Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2024-21357 | High | 8.1 |  | 2024-02-13 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2024-21380 | High | 8.0 |  | 2024-02-13 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
CVE-2024-20739 | High | 7.8 |  | 2024-02-15 | Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20731 | High | 7.8 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20730 | High | 7.8 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20729 | High | 7.8 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20728 | High | 7.8 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20727 | High | 7.8 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20726 | High | 7.8 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-21384 | High | 7.8 |  | 2024-02-13 | Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2024-21379 | High | 7.8 |  | 2024-02-13 | Microsoft Word Remote Code Execution Vulnerability
CVE-2024-21363 | High | 7.8 |  | 2024-02-13 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-21354 | High | 7.8 |  | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21346 | High | 7.8 |  | 2024-02-13 | Win32k Elevation of Privilege Vulnerability
CVE-2024-21338 | High | 7.8 | KEV | 2024-02-13 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21315 | High | 7.8 |  | 2024-02-13 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
CVE-2024-20673 | High | 7.8 |  | 2024-02-13 | Microsoft Office Remote Code Execution Vulnerability
CVE-2024-21396 | High | 7.6 |  | 2024-02-13 | Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21394 | High | 7.6 |  | 2024-02-13 | Dynamics 365 Field Service Spoofing Vulnerability
CVE-2024-21393 | High | 7.6 |  | 2024-02-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21389 | High | 7.6 |  | 2024-02-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21351 | High | 7.6 | KEV | 2024-02-13 | Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-21328 | High | 7.6 |  | 2024-02-13 | Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21327 | High | 7.6 |  | 2024-02-13 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2023-50387 | High | 7.5 |  | 2024-02-14 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.
CVE-2024-21406 | High | 7.5 |  | 2024-02-13 | Windows Printing Service Spoofing Vulnerability
CVE-2024-21404 | High | 7.5 |  | 2024-02-13 | .NET Denial of Service Vulnerability
CVE-2024-21386 | High | 7.5 |  | 2024-02-13 | .NET Denial of Service Vulnerability
CVE-2024-21348 | High | 7.5 |  | 2024-02-13 | Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2024-21347 | High | 7.5 |  | 2024-02-13 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21342 | High | 7.5 |  | 2024-02-13 | Windows DNS Client Denial of Service Vulnerability
CVE-2024-20667 | High | 7.5 |  | 2024-02-13 | Azure DevOps Server Remote Code Execution Vulnerability
CVE-2024-21329 | High | 7.3 |  | 2024-02-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-21402 | High | 7.1 |  | 2024-02-13 | Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2024-21405 | High | 7.0 |  | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21371 | High | 7.0 |  | 2024-02-13 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21355 | High | 7.0 |  | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21381 | Medium | 6.8 |  | 2024-02-13 | Microsoft Azure Active Directory B2C Spoofing Vulnerability
CVE-2024-21341 | Medium | 6.8 |  | 2024-02-13 | Windows Kernel Remote Code Execution Vulnerability
CVE-2024-21356 | Medium | 6.5 |  | 2024-02-13 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-20684 | Medium | 6.5 |  | 2024-02-13 | Windows Hyper-V Denial of Service Vulnerability
CVE-2024-20679 | Medium | 6.5 |  | 2024-02-13 | Azure Stack Hub Spoofing Vulnerability
CVE-2024-21339 | Medium | 6.4 |  | 2024-02-13 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability
CVE-2024-21344 | Medium | 5.9 |  | 2024-02-13 | Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-21343 | Medium | 5.9 |  | 2024-02-13 | Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-20695 | Medium | 5.7 |  | 2024-02-13 | Skype for Business Information Disclosure Vulnerability
CVE-2024-20749 | Medium | 5.5 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20748 | Medium | 5.5 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20747 | Medium | 5.5 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20736 | Medium | 5.5 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20735 | Medium | 5.5 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20734 | Medium | 5.5 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20733 | Medium | 5.5 |  | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service.
CVE-2024-21377 | Medium | 5.5 |  | 2024-02-13 | Windows DNS Information Disclosure Vulnerability
CVE-2024-21362 | Medium | 5.5 |  | 2024-02-13 | Windows Kernel Security Feature Bypass Vulnerability
CVE-2024-21397 | Medium | 5.3 |  | 2024-02-13 | Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVE-2024-21374 | Medium | 5.0 |  | 2024-02-13 | Microsoft Teams for Android Information Disclosure Vulnerability
CVE-2024-21340 | Medium | 4.6 |  | 2024-02-13 | Windows Kernel Information Disclosure Vulnerability
CVE-2024-21304 | Medium | 4.1 |  | 2024-02-13 | Trusted Compute Base Elevation of Privilege Vulnerability

Other vendors (505 CVEs across 133 vendors)

Intel · 74 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2023-39425 | High | 8.8 |  | 2024-02-14 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22293 | High | 8.2 |  | 2024-02-14 | Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25777 | High | 7.9 |  | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35121 | High | 7.8 |  | 2024-02-14 | Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local acces…
CVE-2023-22342 | High | 7.7 |  | 2024-02-14 | Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34351 | High | 7.5 |  | 2024-02-14 | Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2023-39941 | High | 7.1 |  | 2024-02-14 | Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-33875 | High | 7.1 |  | 2024-02-14 | Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2023-32647 | Medium | 6.8 |  | 2024-02-14 | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41231 | Medium | 6.7 |  | 2024-02-14 | Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41091 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40156 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40154 | Medium | 6.7 |  | 2024-02-14 | Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-39932 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-39432 | Medium | 6.7 |  | 2024-02-14 | Improper access control element in some Intel(R) Ethernet tools and driver install software before version 28.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-38566 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-38135 | Medium | 6.7 |  | 2024-02-14 | Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-36493 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35769 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35060 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35003 | Medium | 6.7 |  | 2024-02-14 | Path traversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34315 | Medium | 6.7 |  | 2024-02-14 | Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33870 | Medium | 6.7 |  | 2024-02-14 | Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32646 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32618 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31271 | Medium | 6.7 |  | 2024-02-14 | Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28745 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28739 | Medium | 6.7 |  | 2024-02-14 | Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28407 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25945 | Medium | 6.7 |  | 2024-02-14 | Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25779 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25174 | Medium | 6.7 |  | 2024-02-14 | Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24591 | Medium | 6.7 |  | 2024-02-14 | Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24542 | Medium | 6.7 |  | 2024-02-14 | Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22311 | Medium | 6.7 |  | 2024-02-14 | Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40161 | Medium | 6.6 |  | 2024-02-14 | Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27517 | Medium | 6.6 |  | 2024-02-14 | Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41252 | Medium | 6.5 |  | 2024-02-14 | Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-22390 | Medium | 6.5 |  | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-35062 | Medium | 6.3 |  | 2024-02-14 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-24481 | Medium | 6.3 |  | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28720 | Medium | 6.1 |  | 2024-02-14 | Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-28396 | Medium | 6.1 |  | 2024-02-14 | Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access.
CVE-2023-28374 | Medium | 6.1 |  | 2024-02-14 | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-24589 | Medium | 6.1 |  | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-29162 | Medium | 6.0 |  | 2024-02-14 | Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-25951 | Medium | 6.0 |  | 2024-02-14 | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-38561 | Medium | 5.5 |  | 2024-02-14 | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-30767 | Medium | 5.5 |  | 2024-02-14 | Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25769 | Medium | 5.5 |  | 2024-02-14 | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-25073 | Medium | 5.5 |  | 2024-02-14 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-22848 | Medium | 5.5 |  | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-32280 | Medium | 5.3 |  | 2024-02-14 | Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before version egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.
CVE-2023-31189 | Medium | 5.2 |  | 2024-02-14 | Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access.
CVE-2023-36490 | Medium | 5.0 |  | 2024-02-14 | Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-28715 | Medium | 5.0 |  | 2024-02-14 | Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-26585 | Medium | 5.0 |  | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-29153 | Medium | 4.9 |  | 2024-02-14 | Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.
CVE-2023-27308 | Medium | 4.6 |  | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-34983 | Medium | 4.3 |  | 2024-02-14 | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-32651 | Medium | 4.3 |  | 2024-02-14 | Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-32644 | Medium | 4.3 |  | 2024-02-14 | Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-32642 | Medium | 4.3 |  | 2024-02-14 | Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-26586 | Medium | 4.3 |  | 2024-02-14 | Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-24463 | Medium | 4.3 |  | 2024-02-14 | Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2023-27301 | Medium | 4.2 |  | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42776 | Low | 3.8 |  | 2024-02-14 | Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27307 | Low | 3.8 |  | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27303 | Low | 3.8 |  | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27300 | Low | 3.8 |  | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-26592 | Low | 3.8 |  | 2024-02-14 | Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2023-26596 | Low | 2.5 |  | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-26591 | Low | 2.0 |  | 2024-02-14 | Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access.
CVE-2023-41090 | Low | 1.8 |  | 2024-02-14 | Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access.

Google · 38 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
--- | --- | --- | --- | --- | ---
CVE-2024-0031 | Critical | 9.8 |  | 2024-02-16 | In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation.
CVE-2024-0023 | High | 7.8 |  | 2024-02-16 | In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check.
CVE-2024-0021 | High | 7.8 |  | 2024-02-16 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code.
CVE-2024-0018 | High | 7.8 |  | 2024-02-16 | In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow.
CVE-2024-0015 | High | 7.8 |  | 2024-02-16 | In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection.
CVE-2023-21165 | High | 7.8 |  | 2024-02-16 | In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free.
CVE-2024-0038 | High | 7.8 |  | 2024-02-16 | In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check.
CVE-2024-0036 | High | 7.8 |  | 2024-02-16 | In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code.
CVE-2024-0035 | High | 7.8 |  | 2024-02-16 | In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check.
CVE-2024-0034 | High | 7.8 |  | 2024-02-16 | In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass.
CVE-2024-0033 | High | 7.8 |  | 2024-02-16 | In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow.
CVE-2024-0029 | High | 7.8 |  | 2024-02-16 | In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code.
CVE-2024-0014 | High | 7.8 |  | 2024-02-16 | In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error.
CVE-2023-40115 | High | 7.8 |  | 2024-02-15 | In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free.
CVE-2023-40114 | High | 7.8 |  | 2024-02-15 | In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use after free.
CVE-2023-40111 | High | 7.8 |  | 2024-02-15 | In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy.
CVE-2023-40110 | High | 7.8 |  | 2024-02-15 | In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow.
CVE-2023-40109 | High | 7.8 |  | 2024-02-15 | In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass.
CVE-2023-40107 | High | 7.8 |  | 2024-02-15 | In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data.
CVE-2023-40106 | High | 7.8 |  | 2024-02-15 | In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass.
CVE-2023-40100 | High | 7.8 |  | 2024-02-15 | In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free.
CVE-2024-0040 | High | 7.5 |  | 2024-02-16 | In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow.
CVE-2023-40104 | High | 7.5 |  | 2024-02-15 | In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates.
CVE-2024-0041 | High | 7.0 |  | 2024-02-16 | In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code.
CVE-2024-0032 | Medium | 6.5 |  | 2024-02-16 | In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation.
CVE-2024-0020 | Medium | 5.5 |  | 2024-02-16 | In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy.
CVE-2024-0017 | Medium | 5.5 |  | 2024-02-16 | In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass.
CVE-2023-40085 | Medium | 5.5 |  | 2024-02-16 | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-0030 | Medium | 5.5 |  | 2024-02-16 | In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check.
CVE-2023-40093 | Medium | 5.5 |  | 2024-02-16 | In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code.
CVE-2023-40124 | Medium | 5.5 |  | 2024-02-15 | In multiple locations, there is a possible cross-user read due to a confused deputy.
CVE-2023-40113 | Medium | 5.5 |  | 2024-02-15 | In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check.
CVE-2023-40112 | Medium | 5.5 |  | 2024-02-15 | In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2023-40105 | Medium | 5.5 |  | 2024-02-15 | In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check.
CVE-2024-0016 | Medium | 5.3 |  | 2024-02-16 | In multiple locations, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-0019 | Medium | 5.0 |  | 2024-02-16 | In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings.
CVE-2024-0037 | Low | 3.3 |  | 2024-02-16 | In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check.
CVE-2023-40122 | Low | 3.3 |  | 2024-02-16 | In applyCustomDescription of SaveUi.java, there is a possible way to view other users' images due to a confused deputy.

N/a · 34 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25320 | Critical | 9.8 | | 2024-02-16 | Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.
CVE-2024-25217 | Critical | 9.8 | | 2024-02-14 | Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product.
CVE-2024-25216 | Critical | 9.8 | | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
CVE-2024-25215 | Critical | 9.8 | | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
CVE-2024-25214 | Critical | 9.8 | | 2024-02-14 | An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.
CVE-2024-25211 | Critical | 9.8 | | 2024-02-14 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.
CVE-2024-25210 | Critical | 9.8 | | 2024-02-14 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.
CVE-2024-25209 | Critical | 9.8 | | 2024-02-14 | Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.
CVE-2024-24142 | Critical | 9.8 | | 2024-02-13 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
CVE-2024-23674 | Critical | 9.6 | | 2024-02-15 | The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing.
CVE-2022-48623 | Critical | 9.1 | | 2024-02-13 | The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.
CVE-2023-52431 | High | 8.8 | | 2024-02-13 | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).
CVE-2024-25466 | High | 7.8 | | 2024-02-16 | Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.
CVE-2024-25165 | High | 7.8 | | 2024-02-14 | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.
CVE-2023-51787 | High | 7.5 | | 2024-02-15 | An issue was discovered in Wind River VxWorks 7 22.09 and 23.03.
CVE-2024-25407 | High | 7.5 | | 2024-02-13 | SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request.
CVE-2023-38960 | High | 7.3 | | 2024-02-13 | Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.
CVE-2024-25415 | High | 7.2 | | 2024-02-16 | A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
CVE-2024-24386 | High | 7.2 | | 2024-02-15 | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.
CVE-2024-25301 | High | 7.2 | | 2024-02-14 | Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
CVE-2024-25213 | High | 7.2 | | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.
CVE-2024-25212 | High | 7.2 | | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
CVE-2023-49508 | Medium | 6.5 | | 2024-02-16 | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.
CVE-2023-26562 | Medium | 6.5 | | 2024-02-13 | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.
CVE-2024-1530 | Medium | 6.3 | | 2024-02-15 | A vulnerability, which was classified as critical, has been found in ECshop 4.1.8.
CVE-2023-50808 | Medium | 6.1 | | 2024-02-13 | Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.
CVE-2023-48432 | Medium | 6.1 | | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0.
CVE-2023-45207 | Medium | 6.1 | | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0.
CVE-2023-45206 | Medium | 6.1 | | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0.
CVE-2024-24256 | Medium | 5.9 | | 2024-02-15 | SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory.
CVE-2024-21491 | Medium | 5.9 | | 2024-02-13 | Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared.
CVE-2024-25300 | Medium | 4.8 | | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
CVE-2024-25373 | Medium | 4.6 | | 2024-02-15 | Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.
CVE-2023-35061 | Medium | 4.3 | | 2024-02-14 | Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

Dell · 31 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-39245 | Critical | 9.8 | | 2024-02-15 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component.
CVE-2023-32484 | Critical | 9.8 | | 2024-02-15 | Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability.
CVE-2023-32462 | Critical | 9.8 | | 2024-02-15 | Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication.
CVE-2023-28078 | Critical | 9.1 | | 2024-02-15 | Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured.
CVE-2024-22454 | High | 8.8 | | 2024-02-13 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords.
CVE-2023-44283 | High | 7.8 | | 2024-02-14 | In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs.
CVE-2024-22228 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility.
CVE-2024-22227 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility.
CVE-2024-22225 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility.
CVE-2024-22224 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility.
CVE-2024-22223 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility.
CVE-2024-22222 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility.
CVE-2024-0170 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility.
CVE-2024-0168 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility.
CVE-2024-0167 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility.
CVE-2024-0166 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility.
CVE-2024-0165 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility.
CVE-2024-0164 | High | 7.8 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility.
CVE-2023-39244 | High | 7.3 | | 2024-02-15 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component.
CVE-2024-22426 | High | 7.2 | | 2024-02-16 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability.
CVE-2023-25535 | High | 7.2 | | 2024-02-14 | Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE).
CVE-2024-22445 | High | 7.2 | | 2024-02-13 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability.
CVE-2024-22425 | Medium | 6.5 | | 2024-02-16 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability.
CVE-2024-22230 | Medium | 6.4 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability.
CVE-2023-39249 | Medium | 6.3 | | 2024-02-14 | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respectiv…
CVE-2024-0169 | Medium | 5.7 | | 2024-02-12 | Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability.
CVE-2023-44294 | Medium | 5.4 | | 2024-02-14 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in…
CVE-2023-44293 | Medium | 5.4 | | 2024-02-14 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in…
CVE-2024-22221 | Medium | 4.5 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability.
CVE-2024-22455 | Medium | 4.4 | | 2024-02-14 | Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability.
CVE-2024-22226 | Low | 3.3 | | 2024-02-12 | Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility.

Siemens · 28 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23816 | Critical | 9.8 | | 2024-02-13 | A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non…
CVE-2024-23811 | High | 8.8 | | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1).
CVE-2024-23810 | High | 8.8 | | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1).
CVE-2024-23812 | High | 8.0 | | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1).
CVE-2024-24925 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000).
CVE-2024-24924 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000).
CVE-2024-24923 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001).
CVE-2024-24922 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000).
CVE-2024-24921 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000).
CVE-2024-24920 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000).
CVE-2024-23804 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).
CVE-2024-23803 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).
CVE-2024-23802 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).
CVE-2024-23798 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).
CVE-2024-23797 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).
CVE-2024-23796 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).
CVE-2024-23795 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).
CVE-2024-22042 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Unicam FX (All versions).
CVE-2023-50236 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0).
CVE-2023-49125 | High | 7.8 | | 2024-02-13 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE20…
CVE-2023-51440 | High | 7.5 | | 2024-02-13 | A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1…
CVE-2024-23813 | High | 7.3 | | 2024-02-13 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0).
CVE-2023-48364 | Medium | 6.5 | | 2024-02-13 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2…
CVE-2023-48363 | Medium | 6.5 | | 2024-02-13 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2…
CVE-2024-23801 | Low | 3.3 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).
CVE-2024-23800 | Low | 3.3 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).
CVE-2024-23799 | Low | 3.3 | | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).
CVE-2024-22043 | Low | 3.3 | | 2024-02-13 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170).

F5 · 20 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22093 | High | 8.7 | | 2024-02-14 | When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems.
CVE-2024-24990 | High | 7.5 | | 2024-02-14 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
CVE-2024-24989 | High | 7.5 | | 2024-02-14 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
CVE-2024-24775 | High | 7.5 | | 2024-02-14 | When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (Eo…
CVE-2024-23982 | High | 7.5 | | 2024-02-14 | When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2024-23979 | High | 7.5 | | 2024-02-14 | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
CVE-2024-23805 | High | 7.5 | | 2024-02-14 | Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2024-23314 | High | 7.5 | | 2024-02-14 | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not eval…
CVE-2024-23308 | High | 7.5 | | 2024-02-14 | When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate.
CVE-2024-21849 | High | 7.5 | | 2024-02-14 | When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached…
CVE-2024-21789 | High | 7.5 | | 2024-02-14 | When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
CVE-2024-21771 | High | 7.5 | | 2024-02-14 | For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software ver…
CVE-2024-21763 | High | 7.5 | | 2024-02-14 | When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached E…
CVE-2024-22389 | High | 7.2 | | 2024-02-14 | When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device.
CVE-2024-23306 | High | 7.1 | | 2024-02-14 | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-21782 | Medium | 6.7 | | 2024-02-14 | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string.
CVE-2024-24966 | Medium | 6.2 | | 2024-02-14 | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-23976 | Medium | 6.0 | | 2024-02-14 | When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system.
CVE-2024-23607 | Medium | 5.5 | | 2024-02-14 | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not eva…
CVE-2024-23603 | Low | 3.8 | | 2024-02-14 | An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

Adobe · 15 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-20720 | Critical | 9.1 | | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an…
CVE-2024-20719 | Critical | 9.1 | | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page.
CVE-2024-20750 | High | 7.8 | | 2024-02-15 | Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2024-20744 | High | 7.8 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20743 | High | 7.8 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20742 | High | 7.8 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2024-20741 | High | 7.8 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20740 | High | 7.8 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20723 | High | 7.8 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20725 | Medium | 5.5 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20724 | Medium | 5.5 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20722 | Medium | 5.5 | | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20717 | Medium | 5.4 | | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-20716 | Medium | 4.9 | | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service.
CVE-2024-20718 | Medium | 4.3 | | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass.

SAP · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22131 | Critical | 9.1 | | 2024-02-13 | In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface.
CVE-2024-24743 | High | 8.6 | | 2024-02-13 | SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data…
CVE-2024-22130 | High | 7.6 | | 2024-02-13 | Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WE…
CVE-2024-25642 | High | 7.4 | | 2024-02-13 | Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication.
CVE-2024-22132 | High | 7.4 | | 2024-02-13 | SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice. An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges wit…
CVE-2024-24739 | Medium | 6.3 | | 2024-02-13 | SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.
CVE-2024-22126 | Medium | 6.1 | | 2024-02-13 | The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL.
CVE-2024-22129 | Medium | 5.4 | | 2024-02-13 | SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack.
CVE-2024-24740 | Medium | 5.3 | | 2024-02-13 | SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could oth…
CVE-2024-22128 | Medium | 4.7 | | 2024-02-13 | SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerabi…
CVE-2024-25643 | Medium | 4.3 | | 2024-02-13 | The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges.
CVE-2024-24741 | Medium | 4.3 | | 2024-02-13 | SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.
CVE-2024-24742 | Medium | 4.1 | | 2024-02-13 | SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting…

FreeBSD · 12 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-23088 | Critical | 9.8 | | 2024-02-15 | The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.
CVE-2022-23092 | High | 8.8 | | 2024-02-15 | The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents.
CVE-2022-23087 | High | 8.8 | | 2024-02-15 | The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted.
CVE-2022-23085 | High | 8.2 | | 2024-02-15 | A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow.
CVE-2022-23086 | High | 7.8 | | 2024-02-15 | Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header.
CVE-2022-23090 | High | 7.7 | | 2024-02-15 | The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.
CVE-2022-23084 | High | 7.5 | | 2024-02-15 | The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin.
CVE-2022-23093 | Medium | 6.5 | | 2024-02-15 | ping reads raw IP packets from the network to process responses in the pr_pack() function.
CVE-2024-25940 | Medium | 6.3 | | 2024-02-15 | `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host.
CVE-2022-23089 | Medium | 4.7 | | 2024-02-15 | When dumping core and saving process information, proc_getargv() might return an sbuf which has a sbuf_len() of 0 or -1, which is not properly handled.
CVE-2022-23091 | Medium | 4.0 | | 2024-02-15 | A particular case of memory sharing is mishandled in the virtual memory system.
CVE-2024-25941 | Low | 3.3 | | 2024-02-15 | The jail(2) system call has not limited the visibility of allocated TTYs (the kern.ttys sysctl).

GitHub · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1378 | Critical | 9.1 | | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options…
CVE-2024-1374 | Critical | 9.1 | | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log fo…
CVE-2024-1372 | Critical | 9.1 | | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings.
CVE-2024-1369 | Critical | 9.1 | | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collec…
CVE-2024-1359 | Critical | 9.1 | | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy.
CVE-2024-1355 | Critical | 9.1 | | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while se…
CVE-2024-1354 | High | 8.0 | | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file.
CVE-2024-1482 | High | 7.1 | | 2024-02-14 | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN.
CVE-2024-1084 | Medium | 6.5 | | 2024-02-13 | Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with…
CVE-2024-1082 | Medium | 6.3 | | 2024-02-13 | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact…

Code-projects · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25223 | Critical | 9.8 |  | 2024-02-14 | Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. |
| CVE-2024-25222 | Critical | 9.8 |  | 2024-02-14 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. |
| CVE-2024-25220 | Critical | 9.8 |  | 2024-02-14 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. |
| CVE-2024-25226 | Medium | 6.1 |  | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. |
| CVE-2024-25221 | Medium | 6.1 |  | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. |
| CVE-2024-25219 | Medium | 6.1 |  | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter at /TaskManager/Task.php. |
| CVE-2024-25218 | Medium | 6.1 |  | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter at /TaskManager/Projects.php. |
| CVE-2024-25225 | Medium | 5.4 |  | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. |
| CVE-2024-25224 | Medium | 5.4 |  | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function. |

Fedoraproject · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1488 | High | 8.0 |  | 2024-02-15 | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. |
| CVE-2023-5679 | High | 7.5 |  | 2024-02-13 | A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. |
| CVE-2023-5517 | High | 7.5 |  | 2024-02-13 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: `nxdomain-redirect <domain>;` is configured, and the resolver receives a PTR query for an RFC 1918 address that would normally res… |
| CVE-2023-4408 | High | 7.5 |  | 2024-02-13 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. |
| CVE-2024-1062 | Medium | 5.5 |  | 2024-02-12 | A heap overflow flaw was found in 389-ds-base. |
| CVE-2023-52429 | Medium | 5.5 |  | 2024-02-12 | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. |
| CVE-2023-6681 | Medium | 5.3 |  | 2024-02-12 | A vulnerability was found in JWCrypto. |
| CVE-2024-1454 | Low | 3.4 |  | 2024-02-12 | The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. |

Sharp · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23786 | Critical | 9.3 |  | 2024-02-14 | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the us… |
| CVE-2024-23789 | High | 8.8 |  | 2024-02-14 | Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. |
| CVE-2024-23783 | High | 8.8 |  | 2024-02-14 | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. |
| CVE-2024-23788 | High | 8.1 |  | 2024-02-14 | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the aff… |
| CVE-2024-23787 | Medium | 6.5 |  | 2024-02-14 | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. |
| CVE-2024-23785 | Medium | 6.5 |  | 2024-02-14 | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. |
| CVE-2024-23784 | Medium | 6.5 |  | 2024-02-14 | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed pas… |

Zoom · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24691 | Critical | 9.6 |  | 2024-02-14 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2024-24697 | High | 7.2 |  | 2024-02-14 | Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2024-24696 | Medium | 6.8 |  | 2024-02-14 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2024-24695 | Medium | 6.8 |  | 2024-02-14 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2024-24699 | Medium | 6.5 |  | 2024-02-14 | Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. |
| CVE-2024-24690 | Medium | 5.4 |  | 2024-02-14 | Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2024-24698 | Medium | 4.9 |  | 2024-02-14 | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. |

Amd · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-46757 | High | 7.8 |  | 2024-02-13 | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. |
| CVE-2023-20587 | High | 7.1 |  | 2024-02-13 | Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. |
| CVE-2023-31346 | Medium | 6.0 |  | 2024-02-13 | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. |
| CVE-2023-20579 | Medium | 6.0 |  | 2024-02-13 | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. |
| CVE-2023-31347 | Medium | 4.9 |  | 2024-02-13 | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. |
| CVE-2023-20570 | Low | 3.3 |  | 2024-02-13 | Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. |

Ibm · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-34309 | Medium | 5.9 |  | 2024-02-12 | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2022-34310 | Medium | 5.9 |  | 2024-02-12 | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2023-46186 | Medium | 5.3 |  | 2024-02-14 | IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. |
| CVE-2022-38714 | Medium | 4.9 |  | 2024-02-12 | IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. |
| CVE-2022-22506 | Medium | 4.6 |  | 2024-02-12 | IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. |
| CVE-2022-34311 | Medium | 4.3 |  | 2024-02-12 | IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. |

Open-xchange · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-41704 | High | 7.1 |  | 2024-02-12 | Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. |
| CVE-2023-41707 | Medium | 6.5 |  | 2024-02-12 | Processing of user-defined mail search expressions is not limited. |
| CVE-2023-41706 | Medium | 6.5 |  | 2024-02-12 | Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. |
| CVE-2023-41705 | Medium | 6.5 |  | 2024-02-12 | Processing of user-defined DAV user-agent strings is not limited. |
| CVE-2023-41703 | Medium | 6.1 |  | 2024-02-12 | User ID references at mentions in document comments were not correctly sanitized. |
| CVE-2023-41708 | Medium | 5.4 |  | 2024-02-12 | References to the "app loader" functionality could contain redirects to unexpected locations. |

Fortinet · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23113 | Critical | 9.8 | KEV | 2024-02-15 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions… |
| CVE-2023-45581 | High | 8.8 |  | 2024-02-15 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affectin… |
| CVE-2023-26206 | Medium | 6.8 |  | 2024-02-15 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fi… |
| CVE-2023-44253 | Medium | 5.0 |  | 2024-02-15 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigDa… |
| CVE-2023-47537 | Medium | 4.8 |  | 2024-02-15 | An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in… |

Gambio · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23763 | Critical | 9.8 |  | 2024-02-12 | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. |
| CVE-2024-23761 | Critical | 9.8 |  | 2024-02-12 | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. |
| CVE-2024-23759 | Critical | 9.8 |  | 2024-02-12 | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function. |
| CVE-2024-23762 | High | 7.8 |  | 2024-02-12 | Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. |
| CVE-2024-23760 | Low | 2.7 |  | 2024-02-12 | Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. |

Palo Alto Networks · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0007 | Medium | 6.8 |  | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. |
| CVE-2024-0008 | Medium | 6.6 |  | 2024-02-14 | Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. |
| CVE-2024-0009 | Medium | 6.3 |  | 2024-02-14 | An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. |
| CVE-2024-0011 | Medium | 4.3 |  | 2024-02-14 | A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user… |
| CVE-2024-0010 | Medium | 4.3 |  | 2024-02-14 | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious l… |

Solarwinds · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23479 | Critical | 9.6 |  | 2024-02-15 | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. |
| CVE-2024-23476 | Critical | 9.6 |  | 2024-02-15 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. |
| CVE-2023-40057 | Critical | 9.0 |  | 2024-02-15 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. |
| CVE-2024-23478 | High | 8.0 |  | 2024-02-15 | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. |
| CVE-2024-23477 | High | 7.9 |  | 2024-02-15 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. |

Linux · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25744 | High | 8.8 |  | 2024-02-12 | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. |
| CVE-2024-25741 | Medium | 5.5 |  | 2024-02-12 | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. |
| CVE-2024-25740 | Medium | 5.5 |  | 2024-02-12 | A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. |
| CVE-2024-25739 | Medium | 5.5 |  | 2024-02-12 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. |

Netapp · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21983 | Medium | 6.5 |  | 2024-02-16 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. |
| CVE-2024-21984 | Medium | 5.9 |  | 2024-02-16 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. |
| CVE-2024-21987 | Medium | 5.4 |  | 2024-02-16 | SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings. |
| CVE-2024-25617 | Medium | 5.3 |  | 2024-02-14 | Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. |

Schneider Electric · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0568 | High | 8.8 |  | 2024-02-14 | CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. |
| CVE-2023-6408 | High | 8.1 |  | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the… |
| CVE-2023-6409 | High | 7.7 |  | 2024-02-14 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. |
| CVE-2023-27975 | High | 7.1 |  | 2024-02-14 | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. |

Typo3 · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25121 | High | 7.1 |  | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |
| CVE-2024-25119 | Medium | 4.9 |  | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |
| CVE-2024-25120 | Medium | 4.3 |  | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |
| CVE-2024-25118 | Medium | 4.3 |  | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |

Bold-themes · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1159 | Medium | 6.4 |  | 2024-02-13 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied a… |
| CVE-2024-1160 | Medium | 5.4 |  | 2024-02-13 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. |
| CVE-2024-1157 | Medium | 5.4 |  | 2024-02-13 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. |

Comarch · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-4539 | High | 7.5 |  | 2024-02-15 | Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. |
| CVE-2023-4537 | High | 7.4 |  | 2024-02-15 | The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. |
| CVE-2023-4538 | Medium | 6.2 |  | 2024-02-15 | The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, the same among all Comarch ERP XL client installations. |

Contiki-ng · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-50927 | High | 8.6 |  | 2024-02-14 | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. |
| CVE-2023-50926 | High | 7.5 |  | 2024-02-14 | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. |
| CVE-2023-48229 | High | 7.0 |  | 2024-02-14 | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. |

Cusg · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-48987 | High | 7.5 |  | 2024-02-14 | Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to… |
| CVE-2023-48986 | Medium | 6.1 |  | 2024-02-14 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted scr… |
| CVE-2023-48985 | Medium | 6.1 |  | 2024-02-14 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted scr… |

Ebmtech · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-26264 | Critical | 9.8 |  | 2024-02-15 | EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. |
| CVE-2024-26262 | High | 8.8 |  | 2024-02-15 | EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records… |
| CVE-2024-26263 | Medium | 5.3 |  | 2024-02-15 | EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. |

Grafana · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-5123 | High | 8.0 |  | 2024-02-14 | The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specif… |
| CVE-2023-6152 | Medium | 5.4 |  | 2024-02-13 | A user changing their email after signing up and verifying it can change it without verification in profile settings. |
| CVE-2023-5122 | Medium | 5.0 |  | 2024-02-14 | Grafana is an open-source platform for monitoring and observability. |

Hp · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6138 | High | 7.9 |  | 2024-02-14 | A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. |
| CVE-2022-48220 | Medium | 6.4 |  | 2024-02-14 | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. |
| CVE-2022-48219 | Medium | 6.4 |  | 2024-02-14 | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. |

Utarit · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-5155 | Critical | 9.8 |  | 2024-02-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. |
| CVE-2023-6255 | High | 7.5 |  | 2024-02-15 | Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. |
| CVE-2023-4993 | High | 7.5 |  | 2024-02-15 | Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. |

4ipnet · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24300 | Critical | 9.8 |  | 2024-02-14 | 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. |
| CVE-2024-24301 | High | 8.8 |  | 2024-02-14 | Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privilege… |

Alf · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25628 | High | 7.6 |  | 2024-02-16 | Alf.io is a free and open source event attendance management system. |
| CVE-2024-25627 | Low | 3.5 |  | 2024-02-16 | Alf.io is a free and open source event attendance management system. |

Anti-virus · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23440 | High | 7.1 |  | 2024-02-13 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 of memory from an arbitrary user-supplied pointer. |
| CVE-2024-23439 | High | 7.1 |  | 2024-02-13 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. |

Ays-pro · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-47526 | Medium | 5.9 |  | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a thr… |
| CVE-2023-6591 | Medium | 4.8 |  | 2024-02-12 | The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |

Barangay_management_system_project · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25208 | Medium | 5.4 |  | 2024-02-14 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. |
| CVE-2024-25207 | Medium | 5.4 |  | 2024-02-14 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. |

Beyondtrust · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25083 | Medium | 6.3 |  | 2024-02-16 | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. |
| CVE-2024-1591 | Low | 3.3 |  | 2024-02-16 | Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. |

Canonical · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-49721 | Medium | 6.7 |  | 2024-02-14 | An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. |
| CVE-2023-48733 | Medium | 6.7 |  | 2024-02-14 | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. |

Chartjs_project · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6082 | Medium | 5.4 |  | 2024-02-12 | The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is… |
| CVE-2023-6081 | Medium | 5.4 |  | 2024-02-12 | The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is… |

Debian · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-50868 | High | 7.5 |  | 2024-02-14 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain… |
| CVE-2024-24814 | High | 7.5 |  | 2024-02-13 | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. |
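The CVE-2023-50868 entry above turns on how much hashing a validator does while proving a name does not exist. The following is an added illustration, not code from this page, from Debian or from any resolver: it implements the NSEC3 owner-name hash of RFC 5155 section 5 (repeated SHA-1 over name and salt), checks it against the iterations=12, salt=aabbccdd example zone in RFC 5155 Appendix A, and computes the upper bound on SHA-1 calls a closest encloser proof costs for a query with many labels under an attacker-controlled zone. The iteration cap of 100 is my reading of the RFC 9276 guidance that the summary refers to; the sample query names are constructed.

```python
import base64
import hashlib

# base32hex (RFC 4648 s.7) is what NSEC3 owner names use; derive it from base32.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")

# Assumed reading of RFC 9276 s.3.2: a validator should not spend CPU on NSEC3
# chains with more iterations than this; it treats such answers as insecure.
ITERATION_CAP = 100


def _labels(name: str) -> list:
    return [l for l in name.lower().rstrip(".").split(".") if l]


def wire_name(name: str) -> bytes:
    """Canonical wire form: lowercase, length-prefixed labels, terminating root label."""
    out = b""
    for label in _labels(name):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length out of range: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name: str, salt: bytes, iterations: int) -> bytes:
    """RFC 5155 s.5: IH(0) = SHA-1(name || salt); IH(k) = SHA-1(IH(k-1) || salt)."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def nsec3_owner(name: str, salt: bytes, iterations: int) -> str:
    """The hashed label as it appears as the NSEC3 RR owner name (base32hex, lowercase)."""
    b32 = base64.b32encode(nsec3_hash(name, salt, iterations)).decode("ascii")
    return b32.translate(_B32_TO_B32HEX).lower()


def sha1_calls_for_proof(qname: str, zone: str, iterations: int) -> int:
    """Upper bound on SHA-1 invocations a validator spends finding the closest
    encloser (RFC 5155 s.8.3): it hashes each candidate ancestor of qname,
    from qname itself down to the zone apex, at iterations+1 SHA-1 calls each."""
    q, z = _labels(qname), _labels(zone)
    if len(q) < len(z) or q[len(q) - len(z):] != z:
        raise ValueError("%s is not under zone %s" % (qname, zone))
    candidates = len(q) - len(z) + 1
    return candidates * (iterations + 1)


def validator_should_hash(iterations: int) -> bool:
    """Policy hook: refuse to do the work for chains above the cap."""
    return 0 <= iterations <= ITERATION_CAP


if __name__ == "__main__":
    salt = bytes.fromhex("aabbccdd")
    print("example.  ->", nsec3_owner("example.", salt, 12))
    # Constructed query: a deep random subdomain under a zone using 150 iterations.
    qname = "z9.q8.x7.w6.v5.u4.t3.s2.r1.example."
    for it in (0, 150):
        print("iterations=%3d  hashing=%s  max SHA-1 calls=%d"
              % (it, validator_should_hash(it), sha1_calls_for_proof(qname, "example.", it)))
```

The cost is the product of two attacker-controlled numbers, label count and iteration count, which is why the RFC 9276 guidance matters: capping iterations bounds one factor regardless of how long the random subdomain is.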

Exiv2 · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25112 | Medium | 5.5 |  | 2024-02-12 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. |
| CVE-2024-24826 | Medium | 5.5 |  | 2024-02-12 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. |

Filseclab · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1140 | Medium | 6.1 |  | 2024-02-13 | Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. |
| CVE-2024-1096 | Medium | 5.5 |  | 2024-02-13 | Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB, 0x801120CC, 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80… |
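The Vba32m64.sys entries under Anti-virus and the filmfd.sys entries above both identify the bug by a raw IOCTL number. The first triage step for such a driver CVE is to unpack that number into the fields Windows' CTL_CODE macro encodes: device type, required access, function number and transfer method. The block below is an added example, not code from this page or from either vendor; it decodes the codes quoted in the summaries (the only inputs taken from the page) and flags the transfer method, because METHOD_NEITHER hands the driver raw user-mode pointers that it must validate itself, which is the usual root of an arbitrary read.

```python
# CTL_CODE layout (Windows DDK): DeviceType<<16 | Access<<14 | Function<<2 | Method.
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}

# IOCTL codes as quoted in the CVE summaries on this page.
VBA32_ARBITRARY_READ = [0x22200B, 0x22201B, 0x22201F, 0x222023, 0x222027,
                        0x22202B, 0x22202F, 0x22203F, 0x222057, 0x22205B]
FILMFD_OOB_READ = [0x801120B8]


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Pack fields the way the CTL_CODE macro does."""
    if not (0 <= device_type <= 0xFFFF and 0 <= function <= 0xFFF
            and 0 <= method <= 3 and 0 <= access <= 3):
        raise ValueError("field out of range")
    return (device_type << 16) | (access << 14) | (function << 2) | method


def decode_ioctl(code: int) -> dict:
    """Unpack a 32-bit I/O control code into its four fields."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit IOCTL code")
    return {
        "device_type": code >> 16,
        "access": (code >> 14) & 0x3,
        "function": (code >> 2) & 0xFFF,
        "method": code & 0x3,
    }


def triage_notes(code: int) -> list:
    """What a reviewer wants to know before reading the dispatch routine."""
    d = decode_ioctl(code)
    notes = []
    if d["method"] == 3:
        notes.append("METHOD_NEITHER: Type3InputBuffer/UserBuffer are raw user pointers; "
                     "driver must ProbeForRead/ProbeForWrite and copy under __try")
    if d["access"] == 0:
        notes.append("FILE_ANY_ACCESS: any handle opened on the device object can send it")
    if d["device_type"] >= 0x8000:
        notes.append("vendor-defined device type 0x%04X" % d["device_type"])
    elif d["device_type"] == 0x22:
        notes.append("FILE_DEVICE_UNKNOWN")
    return notes


def methods_used(codes) -> set:
    """Set of transfer-method names a list of IOCTLs relies on."""
    return {METHODS[decode_ioctl(c)["method"]] for c in codes}


def describe(code: int) -> str:
    d = decode_ioctl(code)
    return ("0x%08X: device=0x%04X access=%s function=0x%03X method=%s"
            % (code, d["device_type"], ACCESS[d["access"]], d["function"],
               METHODS[d["method"]]))


if __name__ == "__main__":
    for c in VBA32_ARBITRARY_READ + FILMFD_OOB_READ:
        print(describe(c))
        for n in triage_notes(c):
            print("    -", n)
```

Every Vba32m64.sys code in the two summaries decodes to METHOD_NEITHER with FILE_ANY_ACCESS, which is consistent with the "arbitrary user-supplied pointer" wording; the filmfd.sys code is METHOD_BUFFERED on a vendor-defined device type, so its out-of-bounds read is in the driver's handling of the system buffer rather than of a raw pointer.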

Gestsup · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-52059 | Medium | 5.4 |  | 2024-02-13 | A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. |
| CVE-2023-52060 | Medium | 4.3 |  | 2024-02-13 | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. |

Hgiga · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-26261 | Critical | 9.8 |  | 2024-02-15 | The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. |
| CVE-2024-26260 | Critical | 9.8 |  | 2024-02-15 | The functionality for synchronization in HGiga OAKlouds' certain modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. |

Hima · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24781 | High | 7.5 |  | 2024-02-13 | An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. |
| CVE-2024-24782 | Medium | 4.3 |  | 2024-02-13 | An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. |

Isc · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6516 | High | 7.5 |  | 2024-02-13 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. |
| CVE-2023-5680 | Medium | 5.3 |  | 2024-02-13 | If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. |

Joinmastodon · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25618 | Medium | 4.2 |  | 2024-02-14 | Mastodon is a free, open-source social network server based on ActivityPub. |
| CVE-2024-25619 | Low | 3.1 |  | 2024-02-14 | Mastodon is a free, open-source social network server based on ActivityPub. |

Mappresspro · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0420 | Medium | 5.4 |  | 2024-02-12 | The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks. |
| CVE-2024-0421 | Medium | 5.3 |  | 2024-02-12 | The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR, as it does not ensure that posts retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts. |

Nodejs · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24750 | Medium | 6.5 | | 2024-02-16 | Undici is an HTTP/1.1 client, written from scratch for Node.js.
CVE-2024-24758 | Low | 3.9 | | 2024-02-16 | Undici is an HTTP/1.1 client, written from scratch for Node.js.

Qnap · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50358 | Medium | 5.8 | | 2024-02-13 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
CVE-2023-47218 | Medium | 5.8 | | 2024-02-13 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

Tenable · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1367 | High | 7.2 | | 2024-02-14 | A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the S…
CVE-2024-1471 | Medium | 5.9 | | 2024-02-14 | An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.

Unitedthemes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24926 | High | 7.5 | | 2024-02-12 | Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.
CVE-2024-24927 | High | 7.1 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Mul…

Advradius · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22923 | Critical | 9.8 | | 2024-02-13 | SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.

Alanclarke · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51931 | High | 7.5 | | 2024-02-16 | An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.

Alayacare · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6451 | High | 8.6 | | 2024-02-16 | Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Algosec · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-46596 | Medium | 5.1 | | 2024-02-15 | Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable s…

Apache · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23952 | Medium | 6.5 | | 2024-02-14 | This is a duplicate for CVE-2023-46104.

Appleple · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25559 | Medium | 4.7 | | 2024-02-15 | URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8.

Ari Soft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24884 | Medium | 4.3 | | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2.

Arunas Liuiza · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24928 | Medium | 6.5 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS. This issue affects Content Cards: from n/a through 0.9.7.

Authcrunch · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52430 | Medium | 6.1 | | 2024-02-12 | The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.

Automattic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50875 | Medium | 6.5 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, &…

Calenfretts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6499 | Medium | 5.4 | | 2024-02-12 | The lasTunes WordPress plugin through 3.6.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

Cochinoman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6501 | Medium | 4.3 | | 2024-02-12 | The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24887 | Medium | 5.4 | | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact For…

Cszcms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25414 | Critical | 9.8 | | 2024-02-16 | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Darktrace · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22854 | Medium | 6.1 | | 2024-02-16 | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified.

Dbartholomae · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2021-4437 | Low | 3.5 | | 2024-02-12 | A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4.

Deconf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0250 | Medium | 6.1 | | 2024-02-12 | The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file.

Derhansen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24751 | Medium | 4.3 | | 2024-02-13 | sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid.

Devfile · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1485 | High | 8.0 | | 2024-02-14 | A flaw was found in the decompression function of registry-support.

Digital-peak · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21727 | Medium | 6.1 | | 2024-02-15 | XSS vulnerability in DP Calendar component for Joomla.

Djo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24932 | High | 7.1 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3.

Ec-web · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1523 | High | 8.8 | | 2024-02-15 | EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as a regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executi…

Ellucian · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49339 | Medium | 6.5 | | 2024-02-13 | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.

Eset · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0353 | High | 7.8 | | 2024-02-15 | Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

Fatcatapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0708 | Medium | 5.3 | | 2024-02-15 | The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2.

Firebearstudio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25413 | High | 7.2 | | 2024-02-16 | An XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.

Flusity · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25502 | Critical | 9.8 | | 2024-02-15 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.

Ftwr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24929 | Medium | 4.3 | | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form. This issue affects WP Contact Form: from n/a through 1.6.

G5plus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24797 | Critical | 9.8 | | 2024-02-12 | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3.

Geek Code Lab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24889 | Medium | 6.1 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a throug…

Gitlab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1250 | Medium | 6.5 | | 2024-02-12 | An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2.

Hazelcast · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-45860 | Medium | 6.5 | | 2024-02-16 | In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector.

Hcl Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28018 | Medium | 5.5 | | 2024-02-12 | HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests.

Helm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25620 | Medium | 6.4 | | 2024-02-15 | Helm is a tool for managing Charts.

Honeywell · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1309 | Medium | 6.5 | | 2024-02-13 | Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.

Idocv · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24377 | Critical | 9.8 | | 2024-02-16 | An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script.

Inprax · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0390 | Critical | 9.8 | | 2024-02-15 | INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials.

Ivant · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22024 | High | 8.3 | | 2024-02-13 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authenticatio…

Kalli Dan. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-46615 | Medium | 5.4 | | 2024-02-12 | Deserialization of Untrusted Data vulnerability in Kalli Dan.

Koha · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24337 | High | 8.0 | | 2024-02-12 | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Pa…

Lenovo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23591 | Low | 2.0 | | 2024-02-16 | ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify…

Mage-people · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24796 | High | 8.2 | | 2024-02-12 | Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEven…

Manageengine · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21775 | High | 8.3 | | 2024-02-16 | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to authenticated SQL injection in the report exporting feature.

Mapshaper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1163 | High | 7.1 | | 2024-02-13 | The attacker may exploit a path traversal vulnerability leading to information disclosure.

Mhenrixon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25122 | High | 7.1 | | 2024-02-13 | sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running.

Microfocus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0622 | High | 8.8 | | 2024-02-15 | Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms.

Miniorange · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6036 | Critical | 9.8 | | 2024-02-12 | The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'.

Mitsubishielectric · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6815 | Medium | 6.5 | | 2024-02-13 | Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenti…

Moodle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1439 | Medium | 6.5 | | 2024-02-12 | Inadequate access control in Moodle LMS.

Motorola · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25360 | Medium | 5.3 | | 2024-02-12 | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.

Mystenlabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-42374 | Critical | 9.8 | | 2024-02-13 | An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component.

Nicdark · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51403 | Medium | 6.5 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 1.8.

Ninjateam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51370 | Medium | 5.9 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4.

Open-mss · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25123 | High | 7.3 | | 2024-02-15 | MSS (Mission Support System) is an open source package designed for planning atmospheric research flights.

Openrefine · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23833 | High | 7.5 | | 2024-02-12 | OpenRefine is a free, open source power tool for working with messy data and improving it.

Opentext · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6123 | High | 7.5 | | 2024-02-15 | Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

Otwthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24930 | Medium | 6.5 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS. This issue affects Buttons Shortcode and Widget: from n/a through 1.16.

Photoboxone · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25914 | Medium | 4.3 | | 2024-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20.

Pixelfed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25108 | Critical | 9.9 | | 2024-02-12 | Pixelfed is an open source photo sharing platform.

Postahsil · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7081 | Critical | 9.8 | | 2024-02-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection.

Prasidhda Malla · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24933 | High | 7.1 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3.

Propertyhive · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23513 | High | 8.7 | | 2024-02-12 | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5.

Red Hat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1459 | Medium | 5.3 | | 2024-02-12 | A path traversal vulnerability was found in Undertow.

Rockwell Automation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21915 | Critical | 9.0 | | 2024-02-16 | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP).

Silabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0240 | Medium | 6.5 | | 2024-02-15 | A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, which causes all Bluetooth operations, such as advertising and scanning, to stop.

Smartcalc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21728 | Medium | 6.1 | | 2024-02-15 | An Open Redirect vulnerability was found in osTicky2 below 2.2.8.

Spider-themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0248 | Medium | 4.3 | | 2024-02-12 | The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as we…

Storeapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0566 | High | 7.2 | | 2024-02-12 | The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Swadeshswain · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24931 | Medium | 6.5 | | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2.

Sygnoos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6294 | High | 7.2 | | 2024-02-12 | The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform an SSRF attack in Multisite WordPress configurations.

Treasure-data · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25125 | Medium | 5.3 | | 2024-02-14 | Digdag is an open source tool to build, run, schedule, and monitor complex pipelines of tasks across various platforms.

Trellix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6072 | Medium | 4.6 | | 2024-02-13 | A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when acc…

Tri · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7233 | Medium | 4.8 | | 2024-02-12 | The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…

Unipa · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6441 | Critical | 9.8 | | 2024-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc.

Wolfssl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6937 | Medium | 5.3 | | 2024-02-15 | wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries.

Wp Swings · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25100 | Critical | 10.0 | | 2024-02-12 | Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection. This issue affects Coupon Referral Program: from n/a before 1.8.4.

Wpsimpletools · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24935 | Medium | 4.3 | | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4.

Wpxpo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23512 | High | 8.7 | | 2024-02-12 | Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.

Yannick Lefebvre · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24875 | Medium | 4.3 | | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13.