Total
31401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10353 | 1 Oretnom23 | 1 Online Exam System | 2024-10-30 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480. | ||||
| CVE-2024-47903 | 1 Siemens | 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware | 2024-10-30 | 5.8 Medium |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices allows to write arbitrary files to the web server's DocumentRoot directory. | ||||
| CVE-2024-47904 | 1 Siemens | 4 Intermesh 7177 Hybrid2.0 Subscriber, Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber and 1 more | 2024-10-30 | 7.8 High |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges. | ||||
| CVE-2024-44297 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2024-10-30 | 6.5 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service. | ||||
| CVE-2024-40851 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-30 | 2.4 Low |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen. | ||||
| CVE-2024-10290 | 1 Zzcms | 1 Zzcms | 2024-10-30 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7763 | 1 Progress | 1 Whatsup Gold | 2024-10-30 | 9.8 Critical |
| In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | ||||
| CVE-2024-10229 | 1 Google | 1 Chrome | 2024-10-30 | 8.1 High |
| Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2024-44294 | 1 Apple | 1 Macos | 2024-10-29 | 6.5 Medium |
| A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files. | ||||
| CVE-2024-31842 | 1 Italtel | 1 Embrace | 2024-10-29 | 8.8 High |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover. | ||||
| CVE-2024-7978 | 1 Google | 1 Chrome | 2024-10-29 | 4.3 Medium |
| Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-7518 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-10-29 | 6.5 Medium |
| Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | ||||
| CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | 4.3 Medium |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | ||||
| CVE-2024-47022 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | 5.1 Medium |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656. | ||||
| CVE-2024-47020 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | 5.1 Medium |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488. | ||||
| CVE-2024-47023 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47025 | 1 Google | 2 Android, Pixel | 2024-10-28 | 5.1 Medium |
| In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47027 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-44100 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | 7.5 High |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545. | ||||
| CVE-2024-39946 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2024-10-27 | 6 Medium |
| A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization. | ||||