Filtered by vendor
Subscriptions
Total
30220 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41332 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-08-21 | 6.5 Medium |
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. | ||||
CVE-2024-7842 | 2 Sourcecodester, Tamparongj 03 | 2 Online Graduate Tracer System, Online Graduate Tracer System | 2024-08-21 | 5.3 Medium |
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/export_it.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7843 | 2 Sourcecodester, Tamparongj 03 | 2 Online Graduate Tracer System, Online Graduate Tracer System | 2024-08-21 | 5.3 Medium |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file /tracking/admin/exportcs.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-42006 | 1 Keyfactor | 1 Aws Orchestrator | 2024-08-21 | 7.5 High |
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. | ||||
CVE-2024-44076 | 1 Microcks | 1 Microcks | 2024-08-21 | 9.8 Critical |
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | ||||
CVE-2024-41723 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2024-08-20 | 4.3 Medium |
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-22069 | 1 Zte | 4 Zxv10 Et301, Zxv10 Et301 Firmware, Zxv10 Xt802 and 1 more | 2024-08-20 | 7.1 High |
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. | ||||
CVE-2024-42032 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-20 | 4.4 Medium |
Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-42031 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-20 | 7.5 High |
Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-42030 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-20 | 6.2 Medium |
Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-32928 | 2 Google, Haxx | 3 Nest Mini, Nest Mini Firmware, Libcurl | 2024-08-20 | 5.9 Medium |
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | ||||
CVE-2024-42658 | 1 Nepstech | 2 Ntpl-xpon1gfevn, Ntpl-xpon1gfevn Firmware | 2024-08-20 | 8.8 High |
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter | ||||
CVE-2023-24062 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2024-08-19 | 6.8 Medium |
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk. | ||||
CVE-2023-24064 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2024-08-19 | 6.8 Medium |
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk. | ||||
CVE-2024-6359 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | 6.4 Medium |
Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. | ||||
CVE-2024-7799 | 2 Oretnom23, Sourcecodester | 2 Simple Online Bidding System, Simple Online Bidding System | 2024-08-19 | 5.3 Medium |
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-39778 | 1 F5 | 22 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 19 more | 2024-08-19 | 7.5 High |
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-39949 | 1 Dahuasecurity | 115 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 112 more | 2024-08-19 | 7.5 High |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | ||||
CVE-2024-39948 | 1 Dahuasecurity | 115 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 112 more | 2024-08-19 | 7.5 High |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | ||||
CVE-2024-39945 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2024-08-19 | 4.9 Medium |
A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. |