Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-34923 In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS). | 6.1 | MEDIUM | — | 0 |
| CVE-2024-5428 A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=ma... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-35342 Certain Anpviz products allow unauthenticated users to modify or disable camera related settings such as microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. This affects IPC-D... | 4.6 | MEDIUM | — | 0 |
| CVE-2024-5437 A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories... | 3.5 | LOW | — | 0 |
| CVE-2024-28826 Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configur... | 8.8 | HIGH | — | 0 |
| CVE-2024-50381 A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the t... | N/A | NONE | — | 0 |
| CVE-2024-42424 Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerabi... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-42427 Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access coul... | 7.6 | HIGH | — | 0 |
| CVE-2023-44254 An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker ... | 5.0 | MEDIUM | — | 0 |
| CVE-2024-23716 In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution priv... | 7.0 | HIGH | — | 0 |
| CVE-2024-31336 In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel wi... | 7.8 | HIGH | — | 0 |
| CVE-2024-40650 In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges ne... | 7.8 | HIGH | — | 0 |
| CVE-2024-8602 When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on thi... | N/A | NONE | — | 0 |
| CVE-2024-40652 In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation... | 7.8 | HIGH | — | 0 |
| CVE-2024-40654 In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... | 7.8 | HIGH | — | 0 |
| CVE-2024-40656 In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-40657 In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no... | 7.8 | HIGH | — | 0 |
| CVE-2024-40658 In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution p... | 7.8 | HIGH | — | 0 |
| CVE-2024-40659 In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps d... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-40662 In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privilege... | 7.8 | HIGH | — | 0 |
| CVE-2024-45103 A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-45104 A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-8661 Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browser... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-38860 Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-8698 A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specif... | 7.7 | HIGH | — | 0 |
| CVE-2023-3441 An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protect... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-47193 WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and Elements Client Security for Mac before 16.10 allow a remote Denial of Service. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-8883 A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-27584 Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT t... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9076 A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os com... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-8434 The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-47078 Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly ... | 8.1 | HIGH | — | 0 |
| CVE-2024-38861 Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through ... | 7.4 | HIGH | — | 0 |
| CVE-2024-9341 A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw al... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-47524 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Grou... | 7.2 | HIGH | — | 0 |
| CVE-2024-47526 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaS... | 3.5 | LOW | — | 0 |
| CVE-2024-47528 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role ca... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-41163 A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can... | 7.5 | HIGH | — | 0 |
| CVE-2024-41922 A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An a... | 7.5 | HIGH | — | 0 |
| CVE-2024-8508 NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-45153 Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41981 A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-... | 7.8 | HIGH | — | 0 |
| CVE-2024-45463 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versi... | 7.8 | HIGH | — | 0 |
| CVE-2024-45464 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versi... | 7.8 | HIGH | — | 0 |
| CVE-2024-9798 The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. | 9.0 | CRITICAL | — | 0 |
| CVE-2024-45465 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versi... | 7.8 | HIGH | — | 0 |
| CVE-2024-45466 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versi... | 7.8 | HIGH | — | 0 |
| CVE-2024-45467 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versi... | 7.8 | HIGH | — | 0 |
| CVE-2024-45468 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versi... | 7.8 | HIGH | — | 0 |
| CVE-2024-45469 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versi... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.