Total
271657 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-31905 | 1 Ibm | 1 Qradar Network Packet Capture | 2024-08-28 | N/A | 5.9 MEDIUM |
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858. | |||||
CVE-2024-7867 | 1 Xpdfreader | 1 Xpdf | 2024-08-28 | N/A | 6.2 MEDIUM |
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | |||||
CVE-2024-42466 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | |||||
CVE-2024-42462 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9. | |||||
CVE-2024-42463 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. | |||||
CVE-2024-42464 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. | |||||
CVE-2024-42465 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | |||||
CVE-2024-39717 | 1 Versa-networks | 1 Versa Director | 2024-08-28 | N/A | 7.2 HIGH |
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. | |||||
CVE-2024-40530 | 2024-08-28 | N/A | 9.8 CRITICAL | ||
A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. | |||||
CVE-2024-43472 | 1 Microsoft | 1 Edge Chromium | 2024-08-28 | N/A | 8.3 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2023-4024 | 1 Softlabbd | 1 Radio Player | 2024-08-28 | N/A | 5.3 MEDIUM |
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances. | |||||
CVE-2023-4025 | 1 Softlabbd | 1 Radio Player | 2024-08-28 | N/A | 5.3 MEDIUM |
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances. | |||||
CVE-2024-7578 | 1 Alientechnology | 2 Alr-f800, Alr-f800 Firmware | 2024-08-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-7579 | 1 Alientechnology | 2 Alr-f800, Alr-f800 Firmware | 2024-08-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-7061 | 1 Okta | 1 Verify | 2024-08-28 | N/A | 7.8 HIGH |
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater. | |||||
CVE-2024-6361 | 1 Opentext | 1 Alm Octane | 2024-08-28 | N/A | 5.4 MEDIUM |
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack. | |||||
CVE-2024-43915 | 1 Zephyr-one | 1 Zephyr Project Manager | 2024-08-28 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102. | |||||
CVE-2024-41310 | 1 Yanzhenjie | 1 Andserver | 2024-08-28 | N/A | 7.5 HIGH |
AndServer 2.1.12 is vulnerable to Directory Traversal. | |||||
CVE-2024-42845 | 2024-08-28 | N/A | 8.0 HIGH | ||
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. | |||||
CVE-2024-34087 | 2024-08-28 | N/A | 9.8 CRITICAL | ||
An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request. |