Vulnerabilities (CVE)

Total 271657 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-31905 1 Ibm 1 Qradar Network Packet Capture 2024-08-28 N/A 5.9 MEDIUM
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.
CVE-2024-7867 1 Xpdfreader 1 Xpdf 2024-08-28 N/A 6.2 MEDIUM
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
CVE-2024-42466 1 Upkeeper 1 Upkeeper Manager 2024-08-28 N/A 9.8 CRITICAL
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42462 1 Upkeeper 1 Upkeeper Manager 2024-08-28 N/A 9.8 CRITICAL
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42463 1 Upkeeper 1 Upkeeper Manager 2024-08-28 N/A 6.5 MEDIUM
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42464 1 Upkeeper 1 Upkeeper Manager 2024-08-28 N/A 6.5 MEDIUM
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42465 1 Upkeeper 1 Upkeeper Manager 2024-08-28 N/A 9.8 CRITICAL
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-39717 1 Versa-networks 1 Versa Director 2024-08-28 N/A 7.2 HIGH
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
CVE-2024-40530 2024-08-28 N/A 9.8 CRITICAL
A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header.
CVE-2024-43472 1 Microsoft 1 Edge Chromium 2024-08-28 N/A 8.3 HIGH
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-4024 1 Softlabbd 1 Radio Player 2024-08-28 N/A 5.3 MEDIUM
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.
CVE-2023-4025 1 Softlabbd 1 Radio Player 2024-08-28 N/A 5.3 MEDIUM
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.
CVE-2024-7578 1 Alientechnology 2 Alr-f800, Alr-f800 Firmware 2024-08-28 7.5 HIGH 9.8 CRITICAL
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7579 1 Alientechnology 2 Alr-f800, Alr-f800 Firmware 2024-08-28 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7061 1 Okta 1 Verify 2024-08-28 N/A 7.8 HIGH
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.
CVE-2024-6361 1 Opentext 1 Alm Octane 2024-08-28 N/A 5.4 MEDIUM
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.
CVE-2024-43915 1 Zephyr-one 1 Zephyr Project Manager 2024-08-28 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102.
CVE-2024-41310 1 Yanzhenjie 1 Andserver 2024-08-28 N/A 7.5 HIGH
AndServer 2.1.12 is vulnerable to Directory Traversal.
CVE-2024-42845 2024-08-28 N/A 8.0 HIGH
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
CVE-2024-34087 2024-08-28 N/A 9.8 CRITICAL
An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request.