Total: 648 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-8993 | | | 2024-12-26 | N/A | 6.2 MEDIUM | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak.
CVE-2024-8992 | | | 2024-12-26 | N/A | 4.0 MEDIUM | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak.
CVE-2024-47156 | | | 2024-12-26 | N/A | 3.3 LOW | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak.
CVE-2024-47150 | | | 2024-12-26 | N/A | 3.3 LOW | Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak.
CVE-2024-47149 | | | 2024-12-26 | N/A | 3.3 LOW | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions.
CVE-2024-39891 | 1 Twilio | 2 Authy, Authy Authenticator | 2024-12-20 | N/A | 5.3 MEDIUM | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
CVE-2024-11297 | | | 2024-12-20 | N/A | 5.3 MEDIUM | The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2024-54476 | 1 Apple | 1 Macos | 2024-12-19 | N/A | 5.5 MEDIUM | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.
CVE-2024-12663 | | | 2024-12-16 | 2.6 LOW | 3.7 LOW | A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to an observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2024-27839 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-09 | N/A | 3.3 LOW | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
CVE-2022-42792 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-06 | N/A | 5.5 MEDIUM | This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information.
CVE-2024-54002 | | | 2024-12-04 | N/A | 5.3 MEDIUM | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exists in the system takes significantly longer than performing the same action with a username that is not known to the system. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. LDAP and OpenID Connect users are not affected. The issue has been fixed in Dependency-Track 4.12.2.
CVE-2020-11063 | 1 Typo3 | 1 Typo3 | 2024-12-03 | 4.3 MEDIUM | 3.7 LOW | In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.
CVE-2023-20575 | 1 Amd | 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more | 2024-11-27 | N/A | 6.5 MEDIUM | A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program's execution inside an AMD SEV VM, potentially resulting in a leak of sensitive information.
CVE-2020-10369 | | | 2024-11-26 | N/A | 5.5 MEDIUM | Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack.
CVE-2020-10367 | | | 2024-11-26 | N/A | 5.5 MEDIUM | Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a "Spectra" attack.
CVE-2023-37305 | 1 Mediawiki | 1 Mediawiki | 2024-11-26 | N/A | 5.3 MEDIUM | An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
CVE-2024-0564 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-25 | N/A | 5.3 MEDIUM | A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and whether additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.
CVE-2018-9364 | 1 Google | 1 Android | 2024-11-22 | N/A | 7.5 HIGH | In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to a bypass of secure boot. User interaction is not needed for exploitation.
CVE-2024-6129 | 1 Spa-cart | 1 Spa-cartcms | 2024-11-21 | 2.6 LOW | 3.7 LOW | A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to an observable behavioral discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268896.