Vulnerabilities (CVE)

Total 260444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0747 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 6.5 MEDIUM
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0204 1 Fortra 1 Goanywhere Managed File Transfer 2024-02-02 N/A 9.8 CRITICAL
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
CVE-2023-43320 1 Proxmox 3 Backup Server, Proxmox Mail Gateway, Virtual Environment 2024-02-02 N/A 8.8 HIGH
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.
CVE-2023-42270 1 Grocy Project 1 Grocy 2024-02-02 N/A 8.8 HIGH
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2023-42222 1 Webcatalog 1 Webcatalog 2024-02-02 N/A 8.8 HIGH
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
CVE-2024-0750 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 8.8 HIGH
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0751 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 8.8 HIGH
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0753 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 6.5 MEDIUM
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2023-27990 1 Zyxel 38 Atp100, Atp100 Firmware, Atp100w and 35 more 2024-02-02 N/A 4.8 MEDIUM
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
CVE-2008-5021 3 Canonical, Debian, Mozilla 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2024-02-02 9.3 HIGH N/A
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-0379 2 Businessobjects, Microsoft 2 Crystal Reports Xi, Activex 2024-02-02 9.3 HIGH N/A
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
CVE-2024-23055 2024-02-02 N/A 6.1 MEDIUM
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
CVE-2007-3970 1 Eset Software 1 Nod32 Antivirus 2024-02-02 7.6 HIGH N/A
Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.
CVE-2005-0252 1 Markusmobius 1 Biborb 2024-02-02 7.5 HIGH N/A
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
CVE-2010-0629 1 Mit 2 Kerberos, Kerberos 5 2024-02-02 4.0 MEDIUM 6.5 MEDIUM
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
CVE-2022-20141 1 Google 1 Android 2024-02-02 6.9 MEDIUM 7.0 HIGH
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel
CVE-2005-0253 1 Markusmobius 1 Biborb 2024-02-02 4.0 MEDIUM N/A
Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.
CVE-2021-0920 2 Debian, Google 2 Debian Linux, Android 2024-02-02 6.9 MEDIUM 6.4 MEDIUM
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
CVE-2005-0254 1 Markusmobius 1 Biborb 2024-02-02 4.3 MEDIUM N/A
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
CVE-2020-6819 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-02 6.8 MEDIUM 8.1 HIGH
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.