# Patch Tuesday — February 2024
2024-02-13 · 594 CVEs
CVEs published or modified the week of 2024-02-13, partitioned by vendor.
## Microsoft (89 CVEs)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-20738 | Critical | 9.8 | — | 2024-02-15 | Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. |
| CVE-2024-21413 | Critical | 9.8 | KEV | 2024-02-13 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2024-21410 | Critical | 9.8 | KEV | 2024-02-13 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2024-21401 | Critical | 9.8 | — | 2024-02-13 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability |
| CVE-2024-25110 | Critical | 9.8 | — | 2024-02-12 | The UAMQP is a general purpose C library for AMQP 1.0. |
| CVE-2024-21364 | Critical | 9.3 | — | 2024-02-13 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2024-21403 | Critical | 9.0 | — | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-21376 | Critical | 9.0 | — | 2024-02-13 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability |
| CVE-2024-21420 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21391 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21378 | High | 8.8 | — | 2024-02-13 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2024-21375 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21372 | High | 8.8 | — | 2024-02-13 | Windows OLE Remote Code Execution Vulnerability |
| CVE-2024-21370 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21369 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21368 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21367 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21366 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21365 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21361 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21360 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21359 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21358 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21353 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-21352 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21350 | High | 8.8 | — | 2024-02-13 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21349 | High | 8.8 | — | 2024-02-13 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability |
| CVE-2024-21345 | High | 8.8 | — | 2024-02-13 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21395 | High | 8.2 | — | 2024-02-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-21412 | High | 8.1 | KEV | 2024-02-13 | Internet Shortcut Files Security Feature Bypass Vulnerability |
| CVE-2024-21357 | High | 8.1 | — | 2024-02-13 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| CVE-2024-21380 | High | 8.0 | — | 2024-02-13 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability |
| CVE-2024-20739 | High | 7.8 | — | 2024-02-15 | Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20731 | High | 7.8 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20730 | High | 7.8 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20729 | High | 7.8 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20728 | High | 7.8 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20727 | High | 7.8 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20726 | High | 7.8 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-21384 | High | 7.8 | — | 2024-02-13 | Microsoft Office OneNote Remote Code Execution Vulnerability |
| CVE-2024-21379 | High | 7.8 | — | 2024-02-13 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2024-21363 | High | 7.8 | — | 2024-02-13 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-21354 | High | 7.8 | — | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2024-21346 | High | 7.8 | — | 2024-02-13 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-21338 | High | 7.8 | KEV | 2024-02-13 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21315 | High | 7.8 | — | 2024-02-13 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability |
| CVE-2024-20673 | High | 7.8 | — | 2024-02-13 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-21396 | High | 7.6 | — | 2024-02-13 | Dynamics 365 Sales Spoofing Vulnerability |
| CVE-2024-21394 | High | 7.6 | — | 2024-02-13 | Dynamics 365 Field Service Spoofing Vulnerability |
| CVE-2024-21393 | High | 7.6 | — | 2024-02-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-21389 | High | 7.6 | — | 2024-02-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-21351 | High | 7.6 | KEV | 2024-02-13 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2024-21328 | High | 7.6 | — | 2024-02-13 | Dynamics 365 Sales Spoofing Vulnerability |
| CVE-2024-21327 | High | 7.6 | — | 2024-02-13 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
| CVE-2023-50387 | High | 7.5 | — | 2024-02-14 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. |
| CVE-2024-21406 | High | 7.5 | — | 2024-02-13 | Windows Printing Service Spoofing Vulnerability |
| CVE-2024-21404 | High | 7.5 | — | 2024-02-13 | .NET Denial of Service Vulnerability |
| CVE-2024-21386 | High | 7.5 | — | 2024-02-13 | .NET Denial of Service Vulnerability |
| CVE-2024-21348 | High | 7.5 | — | 2024-02-13 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2024-21347 | High | 7.5 | — | 2024-02-13 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-21342 | High | 7.5 | — | 2024-02-13 | Windows DNS Client Denial of Service Vulnerability |
| CVE-2024-20667 | High | 7.5 | — | 2024-02-13 | Azure DevOps Server Remote Code Execution Vulnerability |
| CVE-2024-21329 | High | 7.3 | — | 2024-02-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2024-21402 | High | 7.1 | — | 2024-02-13 | Microsoft Outlook Elevation of Privilege Vulnerability |
| CVE-2024-21405 | High | 7.0 | — | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2024-21371 | High | 7.0 | — | 2024-02-13 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21355 | High | 7.0 | — | 2024-02-13 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2024-21381 | Medium | 6.8 | — | 2024-02-13 | Microsoft Azure Active Directory B2C Spoofing Vulnerability |
| CVE-2024-21341 | Medium | 6.8 | — | 2024-02-13 | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2024-21356 | Medium | 6.5 | — | 2024-02-13 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2024-20684 | Medium | 6.5 | — | 2024-02-13 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-20679 | Medium | 6.5 | — | 2024-02-13 | Azure Stack Hub Spoofing Vulnerability |
| CVE-2024-21339 | Medium | 6.4 | — | 2024-02-13 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability |
| CVE-2024-21344 | Medium | 5.9 | — | 2024-02-13 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-21343 | Medium | 5.9 | — | 2024-02-13 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-20695 | Medium | 5.7 | — | 2024-02-13 | Skype for Business Information Disclosure Vulnerability |
| CVE-2024-20749 | Medium | 5.5 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20748 | Medium | 5.5 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20747 | Medium | 5.5 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20736 | Medium | 5.5 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20735 | Medium | 5.5 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20734 | Medium | 5.5 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20733 | Medium | 5.5 | — | 2024-02-15 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. |
| CVE-2024-21377 | Medium | 5.5 | — | 2024-02-13 | Windows DNS Information Disclosure Vulnerability |
| CVE-2024-21362 | Medium | 5.5 | — | 2024-02-13 | Windows Kernel Security Feature Bypass Vulnerability |
| CVE-2024-21397 | Medium | 5.3 | — | 2024-02-13 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
| CVE-2024-21374 | Medium | 5.0 | — | 2024-02-13 | Microsoft Teams for Android Information Disclosure Vulnerability |
| CVE-2024-21340 | Medium | 4.6 | — | 2024-02-13 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2024-21304 | Medium | 4.1 | — | 2024-02-13 | Trusted Compute Base Elevation of Privilege Vulnerability |
## Other vendors (505 CVEs across 133 vendors)

### Intel · 74 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-39425 | High | 8.8 | — | 2024-02-14 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-22293 | High | 8.2 | — | 2024-02-14 | Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25777 | High | 7.9 | — | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-35121 | High | 7.8 | — | 2024-02-14 | Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local acces… |
| CVE-2023-22342 | High | 7.7 | — | 2024-02-14 | Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-34351 | High | 7.5 | — | 2024-02-14 | Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2023-39941 | High | 7.1 | — | 2024-02-14 | Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-33875 | High | 7.1 | — | 2024-02-14 | Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access. |
| CVE-2023-32647 | Medium | 6.8 | — | 2024-02-14 | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-41231 | Medium | 6.7 | — | 2024-02-14 | Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-41091 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-40156 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-40154 | Medium | 6.7 | — | 2024-02-14 | Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-39932 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-39432 | Medium | 6.7 | — | 2024-02-14 | Improper access control element in some Intel(R) Ethernet tools and driver install software, before versions 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-38566 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-38135 | Medium | 6.7 | — | 2024-02-14 | Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-36493 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-35769 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-35060 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-35003 | Medium | 6.7 | — | 2024-02-14 | Path traversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-34315 | Medium | 6.7 | — | 2024-02-14 | Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-33870 | Medium | 6.7 | — | 2024-02-14 | Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32646 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32618 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-31271 | Medium | 6.7 | — | 2024-02-14 | Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-28745 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-28739 | Medium | 6.7 | — | 2024-02-14 | Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-28407 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25945 | Medium | 6.7 | — | 2024-02-14 | Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25779 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25174 | Medium | 6.7 | — | 2024-02-14 | Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-24591 | Medium | 6.7 | — | 2024-02-14 | Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-24542 | Medium | 6.7 | — | 2024-02-14 | Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-22311 | Medium | 6.7 | — | 2024-02-14 | Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-40161 | Medium | 6.6 | — | 2024-02-14 | Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-27517 | Medium | 6.6 | — | 2024-02-14 | Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-41252 | Medium | 6.5 | — | 2024-02-14 | Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-22390 | Medium | 6.5 | — | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-35062 | Medium | 6.3 | — | 2024-02-14 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-24481 | Medium | 6.3 | — | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-28720 | Medium | 6.1 | — | 2024-02-14 | Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-28396 | Medium | 6.1 | — | 2024-02-14 | Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access. |
| CVE-2023-28374 | Medium | 6.1 | — | 2024-02-14 | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-24589 | Medium | 6.1 | — | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-29162 | Medium | 6.0 | — | 2024-02-14 | Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-25951 | Medium | 6.0 | — | 2024-02-14 | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-38561 | Medium | 5.5 | — | 2024-02-14 | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-30767 | Medium | 5.5 | — | 2024-02-14 | Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25769 | Medium | 5.5 | — | 2024-02-14 | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-25073 | Medium | 5.5 | — | 2024-02-14 | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-22848 | Medium | 5.5 | — | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-32280 | Medium | 5.3 | — | 2024-02-14 | Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access. |
| CVE-2023-31189 | Medium | 5.2 | — | 2024-02-14 | Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access. |
| CVE-2023-36490 | Medium | 5.0 | — | 2024-02-14 | Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-28715 | Medium | 5.0 | — | 2024-02-14 | Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-26585 | Medium | 5.0 | — | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-29153 | Medium | 4.9 | — | 2024-02-14 | Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access. |
| CVE-2023-27308 | Medium | 4.6 | — | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-34983 | Medium | 4.3 | — | 2024-02-14 | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-32651 | Medium | 4.3 | — | 2024-02-14 | Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-32644 | Medium | 4.3 | — | 2024-02-14 | Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-32642 | Medium | 4.3 | — | 2024-02-14 | Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-26586 | Medium | 4.3 | — | 2024-02-14 | Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2023-24463 | Medium | 4.3 | — | 2024-02-14 | Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
| CVE-2023-27301 | Medium | 4.2 | — | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-42776 | Low | 3.8 | — | 2024-02-14 | Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-27307 | Low | 3.8 | — | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-27303 | Low | 3.8 | — | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-27300 | Low | 3.8 | — | 2024-02-14 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-26592 | Low | 3.8 | — | 2024-02-14 | Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access. |
| CVE-2023-26596 | Low | 2.5 | — | 2024-02-14 | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-26591 | Low | 2.0 | — | 2024-02-14 | Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access. |
| CVE-2023-41090 | Low | 1.8 | — | 2024-02-14 | Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. |
### Google · 38 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0031 | Critical | 9.8 | — | 2024-02-16 | In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. |
| CVE-2024-0023 | High | 7.8 | — | 2024-02-16 | In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2024-0021 | High | 7.8 | — | 2024-02-16 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. |
| CVE-2024-0018 | High | 7.8 | — | 2024-02-16 | In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. |
| CVE-2024-0015 | High | 7.8 | — | 2024-02-16 | In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. |
| CVE-2023-21165 | High | 7.8 | — | 2024-02-16 | In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. |
| CVE-2024-0038 | High | 7.8 | — | 2024-02-16 | In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. |
| CVE-2024-0036 | High | 7.8 | — | 2024-02-16 | In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. |
| CVE-2024-0035 | High | 7.8 | — | 2024-02-16 | In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. |
| CVE-2024-0034 | High | 7.8 | — | 2024-02-16 | In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. |
| CVE-2024-0033 | High | 7.8 | — | 2024-02-16 | In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. |
| CVE-2024-0029 | High | 7.8 | — | 2024-02-16 | In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. |
| CVE-2024-0014 | High | 7.8 | — | 2024-02-16 | In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. |
| CVE-2023-40115 | High | 7.8 | — | 2024-02-15 | In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. |
| CVE-2023-40114 | High | 7.8 | — | 2024-02-15 | In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use after free. |
| CVE-2023-40111 | High | 7.8 | — | 2024-02-15 | In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. |
| CVE-2023-40110 | High | 7.8 | — | 2024-02-15 | In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. |
| CVE-2023-40109 | High | 7.8 | — | 2024-02-15 | In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. |
| CVE-2023-40107 | High | 7.8 | — | 2024-02-15 | In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. |
| CVE-2023-40106 | High | 7.8 | — | 2024-02-15 | In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. |
CVE-2023-40100 | High | 7.8 | — | 2024-02-15 | In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. |
CVE-2024-0040 | High | 7.5 | — | 2024-02-16 | In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. |
CVE-2023-40104 | High | 7.5 | — | 2024-02-15 | In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. |
CVE-2024-0041 | High | 7.0 | — | 2024-02-16 | In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. |
CVE-2024-0032 | Medium | 6.5 | — | 2024-02-16 | In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. |
CVE-2024-0020 | Medium | 5.5 | — | 2024-02-16 | In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. |
CVE-2024-0017 | Medium | 5.5 | — | 2024-02-16 | In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. |
CVE-2023-40085 | Medium | 5.5 | — | 2024-02-16 | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-0030 | Medium | 5.5 | — | 2024-02-16 | In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. |
CVE-2023-40093 | Medium | 5.5 | — | 2024-02-16 | In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. |
CVE-2023-40124 | Medium | 5.5 | — | 2024-02-15 | In multiple locations, there is a possible cross-user read due to a confused deputy. |
CVE-2023-40113 | Medium | 5.5 | — | 2024-02-15 | In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. |
CVE-2023-40112 | Medium | 5.5 | — | 2024-02-15 | In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. |
CVE-2023-40105 | Medium | 5.5 | — | 2024-02-15 | In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. |
CVE-2024-0016 | Medium | 5.3 | — | 2024-02-16 | In multiple locations, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-0019 | Medium | 5.0 | — | 2024-02-16 | In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. |
CVE-2024-0037 | Low | 3.3 | — | 2024-02-16 | In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. |
CVE-2023-40122 | Low | 3.3 | — | 2024-02-16 | In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. |
N/A · 34 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25320 | Critical | 9.8 | — | 2024-02-16 | Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php. |
CVE-2024-25217 | Critical | 9.8 | — | 2024-02-14 | Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. |
CVE-2024-25216 | Critical | 9.8 | — | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. |
CVE-2024-25215 | Critical | 9.8 | — | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. |
CVE-2024-25214 | Critical | 9.8 | — | 2024-02-14 | An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. |
CVE-2024-25211 | Critical | 9.8 | — | 2024-02-14 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. |
CVE-2024-25210 | Critical | 9.8 | — | 2024-02-14 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. |
CVE-2024-25209 | Critical | 9.8 | — | 2024-02-14 | Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. |
CVE-2024-24142 | Critical | 9.8 | — | 2024-02-13 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. |
CVE-2024-23674 | Critical | 9.6 | — | 2024-02-15 | The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. |
CVE-2022-48623 | Critical | 9.1 | — | 2024-02-13 | The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. |
CVE-2023-52431 | High | 8.8 | — | 2024-02-13 | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). |
CVE-2024-25466 | High | 7.8 | — | 2024-02-16 | Directory Traversal vulnerability in React Native Document Picker before v9.1.1 (fixed in v9.1.1) allows a local attacker to execute arbitrary code via a crafted script to the Android library component. |
CVE-2024-25165 | High | 7.8 | — | 2024-02-14 | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. |
CVE-2023-51787 | High | 7.5 | — | 2024-02-15 | An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. |
CVE-2024-25407 | High | 7.5 | — | 2024-02-13 | SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request. |
CVE-2023-38960 | High | 7.3 | — | 2024-02-13 | Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory. |
CVE-2024-25415 | High | 7.2 | — | 2024-02-16 | A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. |
CVE-2024-24386 | High | 7.2 | — | 2024-02-15 | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. |
CVE-2024-25301 | High | 7.2 | — | 2024-02-14 | Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. |
CVE-2024-25213 | High | 7.2 | — | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. |
CVE-2024-25212 | High | 7.2 | — | 2024-02-14 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. |
CVE-2023-49508 | Medium | 6.5 | — | 2024-02-16 | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. |
CVE-2023-26562 | Medium | 6.5 | — | 2024-02-13 | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. |
CVE-2024-1530 | Medium | 6.3 | — | 2024-02-15 | A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. |
CVE-2023-50808 | Medium | 6.1 | — | 2024-02-13 | Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. |
CVE-2023-48432 | Medium | 6.1 | — | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. |
CVE-2023-45207 | Medium | 6.1 | — | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. |
CVE-2023-45206 | Medium | 6.1 | — | 2024-02-13 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. |
CVE-2024-24256 | Medium | 5.9 | — | 2024-02-15 | SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory. |
CVE-2024-21491 | Medium | 5.9 | — | 2024-02-13 | Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. |
CVE-2024-25300 | Medium | 4.8 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. |
CVE-2024-25373 | Medium | 4.6 | — | 2024-02-15 | Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. |
CVE-2023-35061 | Medium | 4.3 | — | 2024-02-14 | Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
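Two rows in this table describe the same bug class from different angles: CVE-2024-21491 (svix, signatures of different lengths compared as if they matched) and CVE-2023-52431 (Plack::Middleware::XSRFBlock, an empty form value compared against an empty cookie). The block below is an added illustration of that class, not code from svix, Plack, or this page: a hand-rolled comparison that stops at the shorter input, beside a version that rejects empty input and uses `hmac.compare_digest`. The secret, message id, timestamp, payload and the `id.timestamp.payload` signing layout are constructed for the example and are assumptions, not any vendor's actual format.

```python
import hashlib
import hmac

# Constructed example data (not real svix or Plack values).
SECRET = b"whsec_constructed_example_secret"
MSG_ID = "msg_constructed_0001"
TIMESTAMP = "1707868800"
PAYLOAD = b'{"event":"order.created","id":42}'


def sign(secret: bytes, msg_id: str, timestamp: str, payload: bytes) -> bytes:
    """HMAC-SHA256 over 'id.timestamp.payload'. The layout is an assumption
    for this example, not a statement about any vendor's format."""
    signed_content = f"{msg_id}.{timestamp}.".encode() + payload
    return hmac.new(secret, signed_content, hashlib.sha256).digest()


def compare_truncating(expected: bytes, presented: bytes) -> bool:
    """A hand-rolled 'constant-time' comparison with a length bug: zip() stops
    at the shorter input, so an empty or prefix-only signature passes.
    This illustrates the bug class in the svix row; it is not svix's code."""
    diff = 0
    for x, y in zip(expected, presented):
        diff |= x ^ y
    return diff == 0


def verify_vulnerable(secret: bytes, msg_id: str, timestamp: str,
                      payload: bytes, presented: bytes) -> bool:
    return compare_truncating(sign(secret, msg_id, timestamp, payload), presented)


def verify_fixed(secret: bytes, msg_id: str, timestamp: str,
                 payload: bytes, presented: bytes) -> bool:
    """Reject missing input explicitly, then use hmac.compare_digest, which
    returns False on a length mismatch without leaking which bytes differ."""
    if not presented:
        return False
    expected = sign(secret, msg_id, timestamp, payload)
    return hmac.compare_digest(expected, presented)


def csrf_check_vulnerable(form_token: str, cookie_token: str) -> bool:
    """Same shape as the XSRFBlock row: two empty strings compare equal, so a
    request carrying neither token is accepted."""
    return form_token == cookie_token


def csrf_check_fixed(form_token: str, cookie_token: str) -> bool:
    """Absent or empty tokens are a failure, never a match."""
    if not form_token or not cookie_token:
        return False
    return hmac.compare_digest(form_token.encode(), cookie_token.encode())
```

The check to carry into your own code review: any verifier that loops over `zip(expected, presented)` or slices one side to the other's length is truncating; and equality of two empty values must be treated as absence of a token, not as a match.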
Dell · 31 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-39245 | Critical | 9.8 | — | 2024-02-15 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. |
CVE-2023-32484 | Critical | 9.8 | — | 2024-02-15 | Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. |
CVE-2023-32462 | Critical | 9.8 | — | 2024-02-15 | Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. |
CVE-2023-28078 | Critical | 9.1 | — | 2024-02-15 | Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. |
CVE-2024-22454 | High | 8.8 | — | 2024-02-13 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. |
CVE-2023-44283 | High | 7.8 | — | 2024-02-14 | In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. |
CVE-2024-22228 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. |
CVE-2024-22227 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. |
CVE-2024-22225 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. |
CVE-2024-22224 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. |
CVE-2024-22223 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. |
CVE-2024-22222 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. |
CVE-2024-0170 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. |
CVE-2024-0168 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. |
CVE-2024-0167 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. |
CVE-2024-0166 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. |
CVE-2024-0165 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. |
CVE-2024-0164 | High | 7.8 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_topstats utility. |
CVE-2023-39244 | High | 7.3 | — | 2024-02-15 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. |
CVE-2024-22426 | High | 7.2 | — | 2024-02-16 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. |
CVE-2023-25535 | High | 7.2 | — | 2024-02-14 | Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation contains a vulnerability that can result in local privilege escalation (LPE). |
CVE-2024-22445 | High | 7.2 | — | 2024-02-13 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. |
CVE-2024-22425 | Medium | 6.5 | — | 2024-02-16 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. |
CVE-2024-22230 | Medium | 6.4 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. |
CVE-2023-39249 | Medium | 6.3 | — | 2024-02-14 | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respectiv… |
CVE-2024-0169 | Medium | 5.7 | — | 2024-02-12 | Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. |
CVE-2023-44294 | Medium | 5.4 | — | 2024-02-14 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in… |
CVE-2023-44293 | Medium | 5.4 | — | 2024-02-14 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in… |
CVE-2024-22221 | Medium | 4.5 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. |
CVE-2024-22455 | Medium | 4.4 | — | 2024-02-14 | Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. |
CVE-2024-22226 | Low | 3.3 | — | 2024-02-12 | Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. |
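Eleven of the Dell Unity rows above are OS command injection in service utilities (svc_tcpdump, svc_nas, svc_cava and so on) that take an operator-supplied argument; the PowerProtect and RecoverPoint rows are the same class. The page does not say how those utilities build their commands, so the block below is an added, generic illustration and not Dell code: a wrapper that splices the argument into a shell string, a wrapper that uses an argv list but still allows option injection, and a wrapper that allowlists the value first. The interface-name pattern and the use of `echo` as a stand-in tool are assumptions made so the example runs anywhere.

```python
import re
import subprocess

# Allowlist for a network interface name (assumption for this example):
# first character alphanumeric, so a value can never start with '-'.
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}")


def validate_iface(user_arg: str) -> bool:
    """True only for values the allowlist accepts."""
    return IFACE_RE.fullmatch(user_arg) is not None


def run_vulnerable(tool: str, user_arg: str) -> str:
    """User input spliced into a shell string and run with shell=True: anything
    after ';', '|', '&&' or inside $( ) is executed by the shell."""
    cmd = f"{tool} {user_arg}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_list_only(tool: str, user_arg: str) -> str:
    """argv list, no shell: metacharacters become literal text, but the caller
    can still inject options the tool understands (argument injection)."""
    return subprocess.run([tool, user_arg], capture_output=True, text=True).stdout


def run_fixed(tool: str, user_arg: str) -> str:
    """Allowlist the value, then pass it as a single argv element."""
    if not validate_iface(user_arg):
        raise ValueError(f"rejected argument: {user_arg!r}")
    return subprocess.run([tool, user_arg], capture_output=True, text=True).stdout
```

The second wrapper is the one that fools reviewers: dropping `shell=True` stops `eth0; id`, but `-n` (or whatever option the real tool takes, such as a `-w` output path for a capture tool) still reaches the program. The allowlist, not the argv form, is what closes that.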
Siemens · 28 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23816 | Critical | 9.8 | — | 2024-02-13 | A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non… |
CVE-2024-23811 | High | 8.8 | — | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). |
CVE-2024-23810 | High | 8.8 | — | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). |
CVE-2024-23812 | High | 8.0 | — | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). |
CVE-2024-24925 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). |
CVE-2024-24924 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). |
CVE-2024-24923 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). |
CVE-2024-24922 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). |
CVE-2024-24921 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). |
CVE-2024-24920 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). |
CVE-2024-23804 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). |
CVE-2024-23803 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). |
CVE-2024-23802 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). |
CVE-2024-23798 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). |
CVE-2024-23797 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). |
CVE-2024-23796 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). |
CVE-2024-23795 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). |
CVE-2024-22042 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Unicam FX (All versions). |
CVE-2023-50236 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). |
CVE-2023-49125 | High | 7.8 | — | 2024-02-13 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE20… |
CVE-2023-51440 | High | 7.5 | — | 2024-02-13 | A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1… |
CVE-2024-23813 | High | 7.3 | — | 2024-02-13 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). |
CVE-2023-48364 | Medium | 6.5 | — | 2024-02-13 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2… |
CVE-2023-48363 | Medium | 6.5 | — | 2024-02-13 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2… |
CVE-2024-23801 | Low | 3.3 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). |
CVE-2024-23800 | Low | 3.3 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). |
CVE-2024-23799 | Low | 3.3 | — | 2024-02-13 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). |
CVE-2024-22043 | Low | 3.3 | — | 2024-02-13 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). |
F5 · 20 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22093 | High | 8.7 | — | 2024-02-14 | When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. |
CVE-2024-24990 | High | 7.5 | — | 2024-02-14 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. |
CVE-2024-24989 | High | 7.5 | — | 2024-02-14 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. |
CVE-2024-24775 | High | 7.5 | — | 2024-02-14 | When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (Eo… |
CVE-2024-23982 | High | 7.5 | — | 2024-02-14 | When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. |
CVE-2024-23979 | High | 7.5 | — | 2024-02-14 | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. |
CVE-2024-23805 | High | 7.5 | — | 2024-02-14 | Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. |
CVE-2024-23314 | High | 7.5 | — | 2024-02-14 | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not eval… |
CVE-2024-23308 | High | 7.5 | — | 2024-02-14 | When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. |
CVE-2024-21849 | High | 7.5 | — | 2024-02-14 | When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached… |
CVE-2024-21789 | High | 7.5 | — | 2024-02-14 | When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. |
CVE-2024-21771 | High | 7.5 | — | 2024-02-14 | For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software ver… |
CVE-2024-21763 | High | 7.5 | — | 2024-02-14 | When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached E… |
CVE-2024-22389 | High | 7.2 | — | 2024-02-14 | When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. |
CVE-2024-23306 | High | 7.1 | — | 2024-02-14 | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
CVE-2024-21782 | Medium | 6.7 | — | 2024-02-14 | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. |
CVE-2024-24966 | Medium | 6.2 | — | 2024-02-14 | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2024-23976 | Medium | 6.0 | — | 2024-02-14 | When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. |
CVE-2024-23607 | Medium | 5.5 | — | 2024-02-14 | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not eva… |
CVE-2024-23603 | Low | 3.8 | — | 2024-02-14 | An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. |
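SQL injection appears throughout this page: a dozen rows in the N/A table (login bypass via the E-mail and Password parameters, `id`, `expense`, `category` and `resident` parameters on delete endpoints), Dell Unity (CVE-2024-22221) and the BIG-IP Configuration utility row directly above. The block below is an added illustration of the two shapes those rows describe, string-context injection in a login check and numeric-context injection in a delete handler, each beside a parameterised version; it is not code from any of the listed products, and the table layout, sample rows and payloads are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows. Plaintext passwords are
    for the demo only; a real application stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, pwd TEXT)")
    conn.execute("CREATE TABLE expenses (id INTEGER PRIMARY KEY, note TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin@example.test", "correct-horse"),
                      ("staff@example.test", "battery-staple")])
    conn.executemany("INSERT INTO expenses (note) VALUES (?)",
                     [("coffee",), ("train",), ("hotel",)])
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, pwd: str) -> bool:
    """String-built query: a quote in either parameter rewrites the WHERE clause,
    and a trailing '--' comments out the password check entirely."""
    q = f"SELECT 1 FROM users WHERE email = '{email}' AND pwd = '{pwd}'"
    return conn.execute(q).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, email: str, pwd: str) -> bool:
    """Parameterised query: input is bound as data, never parsed as SQL."""
    q = "SELECT 1 FROM users WHERE email = ? AND pwd = ?"
    return conn.execute(q, (email, pwd)).fetchone() is not None


def delete_expense_vulnerable(conn: sqlite3.Connection, expense_id: str) -> int:
    """Numeric context: no quotes are needed, so '1 OR 1=1' widens the match
    to every row. Returns the number of rows deleted."""
    cur = conn.execute(f"DELETE FROM expenses WHERE id = {expense_id}")
    return cur.rowcount


def delete_expense_fixed(conn: sqlite3.Connection, expense_id: str) -> int:
    """Validate the identifier as digits, then bind it. Returns 0 for input
    that is not a plain integer instead of sending it to the database."""
    if not expense_id.isdigit():
        return 0
    cur = conn.execute("DELETE FROM expenses WHERE id = ?", (int(expense_id),))
    return cur.rowcount


def expense_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM expenses").fetchone()[0]
```

The numeric case is the one that slips past grep-for-quotes reviews: there is no `'` to escape, so output encoding or quote stripping does nothing, and only type coercion plus a bound parameter closes it.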
Adobe · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-20720 | Critical | 9.1 | — | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an… |
CVE-2024-20719 | Critical | 9.1 | — | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. |
CVE-2024-20750 | High | 7.8 | — | 2024-02-15 | Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2024-20744 | High | 7.8 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-20743 | High | 7.8 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-20742 | High | 7.8 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2024-20741 | High | 7.8 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-20740 | High | 7.8 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-20723 | High | 7.8 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-20725 | Medium | 5.5 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-20724 | Medium | 5.5 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-20722 | Medium | 5.5 | — | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-20717 | Medium | 5.4 | — | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-20716 | Medium | 4.9 | — | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. |
CVE-2024-20718 | Medium | 4.3 | — | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. |
SAP · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22131 | Critical | 9.1 | — | 2024-02-13 | In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. |
CVE-2024-24743 | High | 8.6 | — | 2024-02-13 | SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data… |
CVE-2024-22130 | High | 7.6 | — | 2024-02-13 | Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WE… |
CVE-2024-25642 | High | 7.4 | — | 2024-02-13 | Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. |
CVE-2024-22132 | High | 7.4 | — | 2024-02-13 | SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges wit… |
CVE-2024-24739 | Medium | 6.3 | — | 2024-02-13 | SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application. |
CVE-2024-22126 | Medium | 6.1 | — | 2024-02-13 | The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. |
CVE-2024-22129 | Medium | 5.4 | — | 2024-02-13 | SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. |
CVE-2024-24740 | Medium | 5.3 | — | 2024-02-13 | SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could oth… |
CVE-2024-22128 | Medium | 4.7 | — | 2024-02-13 | SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerabi… |
CVE-2024-25643 | Medium | 4.3 | — | 2024-02-13 | The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. |
CVE-2024-24741 | Medium | 4.3 | — | 2024-02-13 | SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. |
CVE-2024-24742 | Medium | 4.1 | — | 2024-02-13 | SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting… |
Freebsd · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-23088 | Critical | 9.8 | — | 2024-02-15 | The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. |
| CVE-2022-23092 | High | 8.8 | — | 2024-02-15 | The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. |
| CVE-2022-23087 | High | 8.8 | — | 2024-02-15 | The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. |
| CVE-2022-23085 | High | 8.2 | — | 2024-02-15 | A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. |
| CVE-2022-23086 | High | 7.8 | — | 2024-02-15 | Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. |
| CVE-2022-23090 | High | 7.7 | — | 2024-02-15 | The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. |
| CVE-2022-23084 | High | 7.5 | — | 2024-02-15 | The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. |
| CVE-2022-23093 | Medium | 6.5 | — | 2024-02-15 | ping reads raw IP packets from the network to process responses in the pr_pack() function. |
| CVE-2024-25940 | Medium | 6.3 | — | 2024-02-15 | `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. |
| CVE-2022-23089 | Medium | 4.7 | — | 2024-02-15 | When dumping core and saving process information, proc_getargv() might return an sbuf which has a sbuf_len() of 0 or -1, which is not properly handled. |
| CVE-2022-23091 | Medium | 4.0 | — | 2024-02-15 | A particular case of memory sharing is mishandled in the virtual memory system. |
| CVE-2024-25941 | Low | 3.3 | — | 2024-02-15 | The jail(2) system call has not limited the visibility of allocated TTYs (the kern.ttys sysctl). |
Github · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1378 | Critical | 9.1 | — | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options… |
| CVE-2024-1374 | Critical | 9.1 | — | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log fo… |
| CVE-2024-1372 | Critical | 9.1 | — | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. |
| CVE-2024-1369 | Critical | 9.1 | — | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collec… |
| CVE-2024-1359 | Critical | 9.1 | — | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. |
| CVE-2024-1355 | Critical | 9.1 | — | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while se… |
| CVE-2024-1354 | High | 8.0 | — | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. |
| CVE-2024-1482 | High | 7.1 | — | 2024-02-14 | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. |
| CVE-2024-1084 | Medium | 6.5 | — | 2024-02-13 | Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with… |
| CVE-2024-1082 | Medium | 6.3 | — | 2024-02-13 | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact… |
Code-projects · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25223 | Critical | 9.8 | — | 2024-02-14 | Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. |
| CVE-2024-25222 | Critical | 9.8 | — | 2024-02-14 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. |
| CVE-2024-25220 | Critical | 9.8 | — | 2024-02-14 | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. |
| CVE-2024-25226 | Medium | 6.1 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. |
| CVE-2024-25221 | Medium | 6.1 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. |
| CVE-2024-25219 | Medium | 6.1 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter at /TaskManager/Task.php. |
| CVE-2024-25218 | Medium | 6.1 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter at /TaskManager/Projects.php. |
| CVE-2024-25225 | Medium | 5.4 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. |
| CVE-2024-25224 | Medium | 5.4 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function. |
Fedoraproject · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1488 | High | 8.0 | — | 2024-02-15 | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. |
| CVE-2023-5679 | High | 7.5 | — | 2024-02-13 | A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. |
| CVE-2023-5517 | High | 7.5 | — | 2024-02-13 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when `nxdomain-redirect <domain>;` is configured and the resolver receives a PTR query for an RFC 1918 address that would normally res… |
| CVE-2023-4408 | High | 7.5 | — | 2024-02-13 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. |
| CVE-2024-1062 | Medium | 5.5 | — | 2024-02-12 | A heap overflow flaw was found in 389-ds-base. |
| CVE-2023-52429 | Medium | 5.5 | — | 2024-02-12 | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. |
| CVE-2023-6681 | Medium | 5.3 | — | 2024-02-12 | A vulnerability was found in JWCrypto. |
| CVE-2024-1454 | Low | 3.4 | — | 2024-02-12 | The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. |
Sharp · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23786 | Critical | 9.3 | — | 2024-02-14 | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the us… |
| CVE-2024-23789 | High | 8.8 | — | 2024-02-14 | Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. |
| CVE-2024-23783 | High | 8.8 | — | 2024-02-14 | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. |
| CVE-2024-23788 | High | 8.1 | — | 2024-02-14 | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the aff… |
| CVE-2024-23787 | Medium | 6.5 | — | 2024-02-14 | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. |
| CVE-2024-23785 | Medium | 6.5 | — | 2024-02-14 | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. |
| CVE-2024-23784 | Medium | 6.5 | — | 2024-02-14 | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed pas… |
Zoom · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24691 | Critical | 9.6 | — | 2024-02-14 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2024-24697 | High | 7.2 | — | 2024-02-14 | Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2024-24696 | Medium | 6.8 | — | 2024-02-14 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2024-24695 | Medium | 6.8 | — | 2024-02-14 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2024-24699 | Medium | 6.5 | — | 2024-02-14 | Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. |
| CVE-2024-24690 | Medium | 5.4 | — | 2024-02-14 | Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2024-24698 | Medium | 4.9 | — | 2024-02-14 | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. |
Amd · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-46757 | High | 7.8 | — | 2024-02-13 | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. |
| CVE-2023-20587 | High | 7.1 | — | 2024-02-13 | Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. |
| CVE-2023-31346 | Medium | 6.0 | — | 2024-02-13 | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. |
| CVE-2023-20579 | Medium | 6.0 | — | 2024-02-13 | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. |
| CVE-2023-31347 | Medium | 4.9 | — | 2024-02-13 | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. |
| CVE-2023-20570 | Low | 3.3 | — | 2024-02-13 | Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. |
Ibm · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-34309 | Medium | 5.9 | — | 2024-02-12 | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2022-34310 | Medium | 5.9 | — | 2024-02-12 | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2023-46186 | Medium | 5.3 | — | 2024-02-14 | IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. |
| CVE-2022-38714 | Medium | 4.9 | — | 2024-02-12 | IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. |
| CVE-2022-22506 | Medium | 4.6 | — | 2024-02-12 | IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. |
| CVE-2022-34311 | Medium | 4.3 | — | 2024-02-12 | IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. |
Open-xchange · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-41704 | High | 7.1 | — | 2024-02-12 | Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. |
| CVE-2023-41707 | Medium | 6.5 | — | 2024-02-12 | Processing of user-defined mail search expressions is not limited. |
| CVE-2023-41706 | Medium | 6.5 | — | 2024-02-12 | Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. |
| CVE-2023-41705 | Medium | 6.5 | — | 2024-02-12 | Processing of user-defined DAV user-agent strings is not limited. |
| CVE-2023-41703 | Medium | 6.1 | — | 2024-02-12 | User ID references at mentions in document comments were not correctly sanitized. |
| CVE-2023-41708 | Medium | 5.4 | — | 2024-02-12 | References to the "app loader" functionality could contain redirects to unexpected locations. |
Fortinet · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23113 | Critical | 9.8 | KEV | 2024-02-15 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions… |
| CVE-2023-45581 | High | 8.8 | — | 2024-02-15 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affectin… |
| CVE-2023-26206 | Medium | 6.8 | — | 2024-02-15 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fi… |
| CVE-2023-44253 | Medium | 5.0 | — | 2024-02-15 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigDa… |
| CVE-2023-47537 | Medium | 4.8 | — | 2024-02-15 | An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in… |
Gambio · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23763 | Critical | 9.8 | — | 2024-02-12 | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. |
| CVE-2024-23761 | Critical | 9.8 | — | 2024-02-12 | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. |
| CVE-2024-23759 | Critical | 9.8 | — | 2024-02-12 | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the Parcelshopfinder/AddAddressBookEntry function. |
| CVE-2024-23762 | High | 7.8 | — | 2024-02-12 | Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. |
| CVE-2024-23760 | Low | 2.7 | — | 2024-02-12 | Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. |
Palo Alto Networks · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0007 | Medium | 6.8 | — | 2024-02-14 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. |
| CVE-2024-0008 | Medium | 6.6 | — | 2024-02-14 | Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. |
| CVE-2024-0009 | Medium | 6.3 | — | 2024-02-14 | An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. |
| CVE-2024-0011 | Medium | 4.3 | — | 2024-02-14 | A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user… |
| CVE-2024-0010 | Medium | 4.3 | — | 2024-02-14 | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious l… |
Solarwinds · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23479 | Critical | 9.6 | — | 2024-02-15 | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. |
| CVE-2024-23476 | Critical | 9.6 | — | 2024-02-15 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. |
| CVE-2023-40057 | Critical | 9.0 | — | 2024-02-15 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. |
| CVE-2024-23478 | High | 8.0 | — | 2024-02-15 | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. |
| CVE-2024-23477 | High | 7.9 | — | 2024-02-15 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. |
Linux · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25744 | High | 8.8 | — | 2024-02-12 | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. |
| CVE-2024-25741 | Medium | 5.5 | — | 2024-02-12 | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. |
| CVE-2024-25740 | Medium | 5.5 | — | 2024-02-12 | A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. |
| CVE-2024-25739 | Medium | 5.5 | — | 2024-02-12 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. |
Netapp · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21983 | Medium | 6.5 | — | 2024-02-16 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. |
| CVE-2024-21984 | Medium | 5.9 | — | 2024-02-16 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. |
| CVE-2024-21987 | Medium | 5.4 | — | 2024-02-16 | SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings. |
| CVE-2024-25617 | Medium | 5.3 | — | 2024-02-14 | Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. |
Schneider Electric · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0568 | High | 8.8 | — | 2024-02-14 | CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. |
| CVE-2023-6408 | High | 8.1 | — | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the… |
| CVE-2023-6409 | High | 7.7 | — | 2024-02-14 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. |
| CVE-2023-27975 | High | 7.1 | — | 2024-02-14 | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. |
Typo3 · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25121 | High | 7.1 | — | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |
| CVE-2024-25119 | Medium | 4.9 | — | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |
| CVE-2024-25120 | Medium | 4.3 | — | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |
| CVE-2024-25118 | Medium | 4.3 | — | 2024-02-13 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. |
Bold-themes · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1159 | Medium | 6.4 | — | 2024-02-13 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied a… |
| CVE-2024-1160 | Medium | 5.4 | — | 2024-02-13 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. |
| CVE-2024-1157 | Medium | 5.4 | — | 2024-02-13 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. |
Comarch · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-4539 | High | 7.5 | — | 2024-02-15 | Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. |
| CVE-2023-4537 | High | 7.4 | — | 2024-02-15 | Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. |
| CVE-2023-4538 | Medium | 6.2 | — | 2024-02-15 | The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, the same among all Comarch ERP XL client installations. |
Contiki-ng · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-50927 | High | 8.6 | — | 2024-02-14 | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. |
| CVE-2023-50926 | High | 7.5 | — | 2024-02-14 | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. |
| CVE-2023-48229 | High | 7.0 | — | 2024-02-14 | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. |
Cusg · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-48987 | High | 7.5 | — | 2024-02-14 | Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to… |
| CVE-2023-48986 | Medium | 6.1 | — | 2024-02-14 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted scr… |
| CVE-2023-48985 | Medium | 6.1 | — | 2024-02-14 | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted scr… |
Ebmtech · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-26264 | Critical | 9.8 | — | 2024-02-15 | EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. |
| CVE-2024-26262 | High | 8.8 | — | 2024-02-15 | EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records… |
| CVE-2024-26263 | Medium | 5.3 | — | 2024-02-15 | EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. |
Grafana · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5123 | High | 8.0 | — | 2024-02-14 | The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specif… |
CVE-2023-6152 | Medium | 5.4 | — | 2024-02-13 | A user changing their email after signing up and verifying it can change it without verification in profile settings. |
CVE-2023-5122 | Medium | 5.0 | — | 2024-02-14 | Grafana is an open-source platform for monitoring and observability. |
Hp · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6138 | High | 7.9 | — | 2024-02-14 | A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. |
CVE-2022-48220 | Medium | 6.4 | — | 2024-02-14 | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. |
CVE-2022-48219 | Medium | 6.4 | — | 2024-02-14 | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. |
Utarit · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5155 | Critical | 9.8 | — | 2024-02-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. |
CVE-2023-6255 | High | 7.5 | — | 2024-02-15 | Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. |
CVE-2023-4993 | High | 7.5 | — | 2024-02-15 | Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. |
4ipnet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24300 | Critical | 9.8 | — | 2024-02-14 | 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. |
CVE-2024-24301 | High | 8.8 | — | 2024-02-14 | Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privilege… |
Alf · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25628 | High | 7.6 | — | 2024-02-16 | Alf.io is a free and open source event attendance management system. |
CVE-2024-25627 | Low | 3.5 | — | 2024-02-16 | Alf.io is a free and open source event attendance management system. |
Anti-virus · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23440 | High | 7.1 | — | 2024-02-13 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 bytes of memory from an arbitrary user-supplied pointer. |
CVE-2024-23439 | High | 7.1 | — | 2024-02-13 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. |
Ays-pro · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47526 | Medium | 5.9 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS.This issue affects Chartify – WordPress Chart Plugin: from n/a thr… |
CVE-2023-6591 | Medium | 4.8 | — | 2024-02-12 | The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
Barangay_management_system_project · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25208 | Medium | 5.4 | — | 2024-02-14 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. |
CVE-2024-25207 | Medium | 5.4 | — | 2024-02-14 | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. |
Beyondtrust · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25083 | Medium | 6.3 | — | 2024-02-16 | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. |
CVE-2024-1591 | Low | 3.3 | — | 2024-02-16 | Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. |
Canonical · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49721 | Medium | 6.7 | — | 2024-02-14 | An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. |
CVE-2023-48733 | Medium | 6.7 | — | 2024-02-14 | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. |
Chartjs_project · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6082 | Medium | 5.4 | — | 2024-02-12 | The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is… |
CVE-2023-6081 | Medium | 5.4 | — | 2024-02-12 | The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is… |
Debian · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50868 | High | 7.5 | — | 2024-02-14 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain… |
CVE-2024-24814 | High | 7.5 | — | 2024-02-13 | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. |
Exiv2 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25112 | Medium | 5.5 | — | 2024-02-12 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. |
CVE-2024-24826 | Medium | 5.5 | — | 2024-02-12 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. |
Filseclab · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1140 | Medium | 6.1 | — | 2024-02-13 | Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. |
CVE-2024-1096 | Medium | 5.5 | — | 2024-02-13 | Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80… |
Gestsup · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52059 | Medium | 5.4 | — | 2024-02-13 | A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. |
CVE-2023-52060 | Medium | 4.3 | — | 2024-02-13 | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. |
Hgiga · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-26261 | Critical | 9.8 | — | 2024-02-15 | The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. |
CVE-2024-26260 | Critical | 9.8 | — | 2024-02-15 | The functionality for synchronization in HGiga OAKlouds' certain modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. |
Hima · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24781 | High | 7.5 | — | 2024-02-13 | An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. |
CVE-2024-24782 | Medium | 4.3 | — | 2024-02-13 | An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. |
Isc · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6516 | High | 7.5 | — | 2024-02-13 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. |
CVE-2023-5680 | Medium | 5.3 | — | 2024-02-13 | If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. |
Joinmastodon · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25618 | Medium | 4.2 | — | 2024-02-14 | Mastodon is a free, open-source social network server based on ActivityPub. |
CVE-2024-25619 | Low | 3.1 | — | 2024-02-14 | Mastodon is a free, open-source social network server based on ActivityPub. |
Mappresspro · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0420 | Medium | 5.4 | — | 2024-02-12 | The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks |
CVE-2024-0421 | Medium | 5.3 | — | 2024-02-12 | The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts. |
Nodejs · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24750 | Medium | 6.5 | — | 2024-02-16 | Undici is an HTTP/1.1 client, written from scratch for Node.js. |
CVE-2024-24758 | Low | 3.9 | — | 2024-02-16 | Undici is an HTTP/1.1 client, written from scratch for Node.js. |
Qnap · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50358 | Medium | 5.8 | — | 2024-02-13 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2023-47218 | Medium | 5.8 | — | 2024-02-13 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. |
Tenable · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1367 | High | 7.2 | — | 2024-02-14 | A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the S… |
CVE-2024-1471 | Medium | 5.9 | — | 2024-02-14 | An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. |
Unitedthemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24926 | High | 7.5 | — | 2024-02-12 | Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. |
CVE-2024-24927 | High | 7.1 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Mul… |
Advradius · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22923 | Critical | 9.8 | — | 2024-02-13 | SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. |
Alanclarke · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51931 | High | 7.5 | — | 2024-02-16 | An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. |
Alayacare · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6451 | High | 8.6 | — | 2024-02-16 | Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms. |
Algosec · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-46596 | Medium | 5.1 | — | 2024-02-15 | Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable s… |
Apache · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23952 | Medium | 6.5 | — | 2024-02-14 | This is a duplicate for CVE-2023-46104. |
Appleple · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25559 | Medium | 4.7 | — | 2024-02-15 | URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. |
Ari Soft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24884 | Medium | 4.3 | — | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.This issue affects Contact Form 7 Connector: from n/a through 1.2.2. |
Arunas Liuiza · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24928 | Medium | 6.5 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS.This issue affects Content Cards: from n/a through 0.9.7. |
Authcrunch · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52430 | Medium | 6.1 | — | 2024-02-12 | The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. |
Automattic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50875 | Medium | 6.5 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, &… |
Calenfretts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6499 | Medium | 5.4 | — | 2024-02-12 | The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack |
Cochinoman · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6501 | Medium | 4.3 | — | 2024-02-12 | The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
Contest Gallery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24887 | Medium | 5.4 | — | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact For… |
Cszcms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25414 | Critical | 9.8 | — | 2024-02-16 | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. |
Darktrace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22854 | Medium | 6.1 | — | 2024-02-16 | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. |
Dbartholomae · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-4437 | Low | 3.5 | — | 2024-02-12 | A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. |
Deconf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0250 | Medium | 6.1 | — | 2024-02-12 | The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. |
Derhansen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24751 | Medium | 4.3 | — | 2024-02-13 | sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. |
Devfile · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1485 | High | 8.0 | — | 2024-02-14 | A flaw was found in the decompression function of registry-support. |
Digital-peak · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21727 | Medium | 6.1 | — | 2024-02-15 | XSS vulnerability in DP Calendar component for Joomla. |
Djo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24932 | High | 7.1 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.This issue affects VK Poster Group: from n/a through 2.0.3. |
Ec-web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1523 | High | 8.8 | — | 2024-02-15 | EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as a regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executi… |
Ellucian · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49339 | Medium | 6.5 | — | 2024-02-13 | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. |
Eset · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0353 | High | 7.8 | — | 2024-02-15 | Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. |
Fatcatapps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0708 | Medium | 5.3 | — | 2024-02-15 | The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. |
Firebearstudio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25413 | High | 7.2 | — | 2024-02-16 | A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. |
Flusity · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25502 | Critical | 9.8 | — | 2024-02-15 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. |
Ftwr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24929 | Medium | 4.3 | — | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form.This issue affects WP Contact Form: from n/a through 1.6. |
G5plus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24797 | Critical | 9.8 | — | 2024-02-12 | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3. |
Geek Code Lab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24889 | Medium | 6.1 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a throug… |
Gitlab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1250 | Medium | 6.5 | — | 2024-02-12 | An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. |
Hazelcast · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-45860 | Medium | 6.5 | — | 2024-02-16 | In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. |
Hcl Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28018 | Medium | 5.5 | — | 2024-02-12 | HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. |
Helm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25620 | Medium | 6.4 | — | 2024-02-15 | Helm is a tool for managing Charts. |
Honeywell · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1309 | Medium | 6.5 | — | 2024-02-13 | Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. |
Idocv · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24377 | Critical | 9.8 | — | 2024-02-16 | An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. |
Inprax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0390 | Critical | 9.8 | — | 2024-02-15 | INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. |
Ivant · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22024 | High | 8.3 | — | 2024-02-13 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authenticatio… |
Kalli Dan. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-46615 | Medium | 5.4 | — | 2024-02-12 | Deserialization of Untrusted Data vulnerability in Kalli Dan. |
Koha · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24337 | High | 8.0 | — | 2024-02-12 | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Pa… |
Lenovo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23591 | Low | 2.0 | — | 2024-02-16 | ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify… |
Mage-people · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24796 | High | 8.2 | — | 2024-02-12 | Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEven… |
Manageengine · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21775 | High | 8.3 | — | 2024-02-16 | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. |
Mapshaper · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1163 | High | 7.1 | — | 2024-02-13 | The attacker may exploit a path traversal vulnerability leading to information disclosure. |
Mhenrixon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25122 | High | 7.1 | — | 2024-02-13 | sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. |
Microfocus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0622 | High | 8.8 | — | 2024-02-15 | Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. |
Miniorange · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6036 | Critical | 9.8 | — | 2024-02-12 | The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. |
Mitsubishielectric · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6815 | Medium | 6.5 | — | 2024-02-13 | Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenti… |
Moodle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1439 | Medium | 6.5 | — | 2024-02-12 | Inadequate access control in Moodle LMS. |
Motorola · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25360 | Medium | 5.3 | — | 2024-02-12 | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. |
Mystenlabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-42374 | Critical | 9.8 | — | 2024-02-13 | An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. |
Nicdark · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51403 | Medium | 6.5 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 1.8. |
Ninjateam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51370 | Medium | 5.9 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4. |
Open-mss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25123 | High | 7.3 | — | 2024-02-15 | MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. |
Openrefine · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23833 | High | 7.5 | — | 2024-02-12 | OpenRefine is a free, open source power tool for working with messy data and improving it. |
Opentext · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6123 | High | 7.5 | — | 2024-02-15 | Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. |
Otwthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24930 | Medium | 6.5 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16. |
Photoboxone · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25914 | Medium | 4.3 | — | 2024-02-13 | Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20. |
Pixelfed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25108 | Critical | 9.9 | — | 2024-02-12 | Pixelfed is an open source photo sharing platform. |
Postahsil · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7081 | Critical | 9.8 | — | 2024-02-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. |
Prasidhda Malla · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24933 | High | 7.1 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3. |
Propertyhive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23513 | High | 8.7 | — | 2024-02-12 | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. |
Red Hat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1459 | Medium | 5.3 | — | 2024-02-12 | A path traversal vulnerability was found in Undertow. |
Rockwell Automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21915 | Critical | 9.0 | — | 2024-02-16 | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). |
Silabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0240 | Medium | 6.5 | — | 2024-02-15 | A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, which causes all Bluetooth operations, such as advertising and scanning, to stop. |
Smartcalc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21728 | Medium | 6.1 | — | 2024-02-15 | An Open Redirect vulnerability was found in osTicky2 below 2.2.8. |
Spider-themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0248 | Medium | 4.3 | — | 2024-02-12 | The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as we… |
Storeapps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0566 | High | 7.2 | — | 2024-02-12 | The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. |
Swadeshswain · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24931 | Medium | 6.5 | — | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2. |
Sygnoos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6294 | High | 7.2 | — | 2024-02-12 | The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform an SSRF attack in Multisite WordPress configurations. |
Treasure-data · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25125 | Medium | 5.3 | — | 2024-02-14 | Digdag is an open source tool to build, run, schedule, and monitor complex pipelines of tasks across various platforms. |
Trellix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6072 | Medium | 4.6 | — | 2024-02-13 | A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when acc… |
Tri · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7233 | Medium | 4.8 | — | 2024-02-12 | The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is… |
Unipa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6441 | Critical | 9.8 | — | 2024-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. |
Wolfssl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6937 | Medium | 5.3 | — | 2024-02-15 | wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. |
Wp Swings · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25100 | Critical | 10.0 | — | 2024-02-12 | Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection. This issue affects Coupon Referral Program: from n/a before 1.8.4. |
Wpsimpletools · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24935 | Medium | 4.3 | — | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4. |
Wpxpo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23512 | High | 8.7 | — | 2024-02-12 | Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. |
Yannick Lefebvre · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24875 | Medium | 4.3 | — | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13. |