Total: 29165 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34163 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2023-34159 | 1 Huawei | 1 Emui | 2024-12-12 | 9.8 Critical |
Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. | ||||
CVE-2024-26007 | 1 Fortinet | 1 Fortios | 2024-12-11 | 5 Medium |
An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests. | ||||
CVE-2024-54937 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 5.3 Medium |
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | ||||
CVE-2024-25142 | 1 Apache | 1 Airflow | 2024-12-11 | 5.5 Medium |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue. | ||||
CVE-2024-8357 | 1 Visteon | 1 Infotainment | 2024-12-11 | 7.8 High |
Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-23759. | ||||
CVE-2024-12357 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-12-11 | 4.3 Medium |
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-25150 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-11 | 4.3 Medium |
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names. | ||||
CVE-2024-38070 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 7.8 High |
Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | ||||
CVE-2024-38058 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-12-10 | 6.8 Medium |
BitLocker Security Feature Bypass Vulnerability | ||||
CVE-2024-38112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-10 | 7.5 High |
Windows MSHTML Platform Spoofing Vulnerability | ||||
CVE-2024-38100 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2024-12-10 | 7.8 High |
Windows File Explorer Elevation of Privilege Vulnerability | ||||
CVE-2024-38061 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-10 | 7.5 High |
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | ||||
CVE-2023-32709 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | ||||
CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.8 Medium |
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | ||||
CVE-2023-32717 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.3 Medium |
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the /services/indexing/preview REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | ||||
CVE-2022-42834 | 1 Apple | 1 Macos | 2024-12-10 | 3.3 Low |
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression. | ||||
CVE-2024-36461 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 9.1 Critical |
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | ||||
CVE-2023-52387 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 7.5 High |
Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2023-28956 | 2 Ibm, Microsoft | 3 Spectrum Protect, Spectrum Protect Backup-archive Client, Windows | 2024-12-09 | 8.4 High |
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. |