Vulnerabilities (CVE)

Total 271657 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37231 2024-09-10 N/A 9.8 CRITICAL
Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
CVE-2023-37230 2024-09-10 N/A 8.8 HIGH
Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.
CVE-2023-37229 2024-09-10 N/A 8.8 HIGH
Loftware Spectrum before 5.1 allows SSRF.
CVE-2023-37227 2024-09-10 N/A 9.8 CRITICAL
Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.
CVE-2023-52915 1 Linux 1 Linux Kernel 2024-09-10 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
CVE-2024-44408 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-10 N/A 7.5 HIGH
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
CVE-2024-44402 1 Dlink 2 Di-8100g, Di-8100g Firmware 2024-09-10 N/A 9.8 CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
CVE-2024-44983 1 Linux 1 Linux Kernel 2024-09-10 N/A 7.1 HIGH
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5440 [inline]
CVE-2024-44978 1 Linux 1 Linux Kernel 2024-09-10 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)
CVE-2024-42348 1 Fogproject 1 Fogproject 2024-09-10 N/A 8.6 HIGH
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.
CVE-2024-42349 1 Fogproject 1 Fogproject 2024-09-10 N/A 5.3 MEDIUM
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47.
CVE-2024-38886 1 Horizoncloud 1 Caterease 2024-09-10 N/A 9.8 CRITICAL
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
CVE-2024-38889 1 Horizoncloud 1 Caterease 2024-09-10 N/A 9.8 CRITICAL
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.
CVE-2024-42759 2024-09-10 N/A 6.3 MEDIUM
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.
CVE-2023-37226 2024-09-10 N/A 9.8 CRITICAL
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
CVE-2024-44867 2024-09-10 N/A 7.5 HIGH
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.
CVE-2024-8654 2024-09-10 N/A 5.0 MEDIUM
MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.
CVE-2024-45393 2024-09-10 N/A 6.4 MEDIUM
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version.
CVE-2024-45044 2024-09-10 N/A 8.8 HIGH
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the full form (i.e. "whoami") but to the abbreviated form (i.e. "w"). If the command ACL is configured with negative ACL that should forbid using the "whoami" command, you could still use "w" or "who" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur.
CVE-2024-8558 1 Oretnom23 1 Food Ordering Management System 2024-09-10 4.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.