Total
82344 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10760 | 1 Anisha | 1 University Event Management System | 2024-11-05 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48878 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-05 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection inĀ Archived Audit Report. | |||||
| CVE-2024-20426 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-05 | N/A | 8.6 HIGH |
| A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2024-43424 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 7.5 HIGH |
| Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. | |||||
| CVE-2024-42420 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 7.5 HIGH |
| Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed. | |||||
| CVE-2024-45829 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 7.5 HIGH |
| Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. | |||||
| CVE-2024-47005 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 8.1 HIGH |
| Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. | |||||
| CVE-2024-51248 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. | |||||
| CVE-2024-51247 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | |||||
| CVE-2024-51245 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | |||||
| CVE-2024-51244 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. | |||||
| CVE-2024-9235 | 1 Mapster | 1 Mapster Wp Maps | 2024-11-05 | N/A | 8.8 HIGH |
| The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-7587 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2024-11-05 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64. | |||||
| CVE-2024-9191 | 1 Okta | 1 Verify | 2024-11-05 | N/A | 7.8 HIGH |
| The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected. | |||||
| CVE-2024-10594 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-05 | N/A | 7.5 HIGH |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | |||||
| CVE-2024-10506 | 1 Fabianros | 1 Blood Bank Management System | 2024-11-05 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. This affects an unknown part of the file /admin/blood/update/B-.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10610 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10613 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10612 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||