Total
32113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44289 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 7.5 HIGH |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information. | |||||
| CVE-2024-10353 | 1 Oretnom23 | 1 Online Exam System | 2024-10-30 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480. | |||||
| CVE-2024-47903 | 1 Siemens | 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware | 2024-10-30 | N/A | 5.8 MEDIUM |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices allows to write arbitrary files to the web server's DocumentRoot directory. | |||||
| CVE-2024-50080 | 1 Linux | 1 Linux Kernel | 2024-10-30 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device. | |||||
| CVE-2024-50081 | 1 Linux | 1 Linux Kernel | 2024-10-30 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue ->tag_set before initializing hctx Commit 7b815817aa58 ("blk-mq: add helper for checking if one CPU is mapped to specified hctx") needs to check queue mapping via tag set in hctx's cpuhp handler. However, q->tag_set may not be setup yet when the cpuhp handler is enabled, then kernel oops is triggered. Fix the issue by setup queue tag_set before initializing hctx. | |||||
| CVE-2024-47904 | 1 Siemens | 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware | 2024-10-30 | N/A | 7.8 HIGH |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges. | |||||
| CVE-2024-44297 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2024-10-30 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service. | |||||
| CVE-2024-40851 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-30 | N/A | 2.4 LOW |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen. | |||||
| CVE-2024-10290 | 1 Zzcms | 1 Zzcms | 2024-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7763 | 1 Progress | 1 Whatsup Gold | 2024-10-30 | N/A | 9.8 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | |||||
| CVE-2024-44294 | 1 Apple | 1 Macos | 2024-10-29 | N/A | 6.5 MEDIUM |
| A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files. | |||||
| CVE-2024-31842 | 1 Italtel | 1 Embrace | 2024-10-29 | N/A | 8.8 HIGH |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover. | |||||
| CVE-2024-7978 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7518 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-10-29 | N/A | 6.5 MEDIUM |
| Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||||
| CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | |||||
| CVE-2024-40867 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-29 | N/A | 9.6 CRITICAL |
| A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | |||||
| CVE-2024-49999 | 1 Linux | 1 Linux Kernel | 2024-10-29 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop having had a response from the server that we've discarded (e.g. it returned an abort or we started receiving data, but the call didn't complete). This means that op->server might be NULL, but we don't check that before attempting to set the server flag. | |||||
| CVE-2024-43841 | 1 Linux | 1 Linux Kernel | 2024-10-29 | N/A | 3.3 LOW |
| In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code. | |||||
| CVE-2024-47022 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | N/A | 7.5 HIGH |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656. | |||||
| CVE-2024-47020 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | N/A | 7.5 HIGH |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488. | |||||