Total
275295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8752 | 2 Microsoft, Smart-hmi | 2 Windows, Webiq | 2024-09-20 | N/A | 7.5 HIGH |
| The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. | |||||
| CVE-2024-46958 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-09-20 | N/A | 9.1 CRITICAL |
| In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. | |||||
| CVE-2024-45595 | 1 Man | 1 D-tale | 2024-09-20 | N/A | 9.8 CRITICAL |
| D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default. | |||||
| CVE-2024-45593 | 1 Nixos | 1 Nix | 2024-09-20 | N/A | 8.8 HIGH |
| Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6. | |||||
| CVE-2024-45592 | 1 Damienharper | 1 Auditor-bundle | 2024-09-20 | N/A | 6.1 MEDIUM |
| auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_label%` in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in versions 6.0.0 and 5.2.6. | |||||
| CVE-2024-45591 | 1 Xwiki | 1 Xwiki | 2024-09-20 | N/A | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. | |||||
| CVE-2024-31490 | 1 Fortinet | 1 Fortisandbox | 2024-09-20 | N/A | 6.5 MEDIUM |
| An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests. | |||||
| CVE-2024-33508 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-09-20 | N/A | 7.3 HIGH |
| An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. | |||||
| CVE-2024-35282 | 1 Fortinet | 1 Forticlient | 2024-09-20 | N/A | 4.6 MEDIUM |
| A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. | |||||
| CVE-2024-36511 | 1 Fortinet | 1 Fortiadc | 2024-09-20 | N/A | 3.7 LOW |
| An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature | |||||
| CVE-2024-42423 | 2 Citrix, Dell | 2 Workspace, Thinos | 2024-09-20 | N/A | 7.1 HIGH |
| Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering. | |||||
| CVE-2024-31489 | 1 Fortinet | 1 Forticlient | 2024-09-20 | N/A | 8.1 HIGH |
| AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation | |||||
| CVE-2024-5057 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2024-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. | |||||
| CVE-2024-23915 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::of13::InstructionSet::unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-23916 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionSet::unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31164 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31165 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::SetFieldAction::unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31166 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::HelloElemVersionBitmap::unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31167 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack13. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31168 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::EchoCommon::unpack. This issue affects libfluid: 0.1.0. | |||||