Total
316578 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40884 | 1 Mattermost | 1 Mattermost Server | 2024-10-17 | N/A | 2.7 LOW |
| Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL. | |||||
| CVE-2024-8080 | 1 Online Health Care System Project | 1 Online Health Care System | 2024-10-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument f_name with the input 1%' or 1=1 ) UNION SELECT 1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# as part of string leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-47828 | 1 Ampache | 1 Ampache | 2024-10-17 | N/A | 6.5 MEDIUM |
| ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. | |||||
| CVE-2024-47767 | 1 Enalean | 1 Tuleap | 2024-10-17 | N/A | 4.3 MEDIUM |
| Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. | |||||
| CVE-2024-47766 | 1 Enalean | 1 Tuleap | 2024-10-17 | N/A | 4.9 MEDIUM |
| Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. | |||||
| CVE-2024-9548 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-10-17 | N/A | 6.1 MEDIUM |
| The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-9546 | 1 Xplodedthemes | 1 Wpide | 2024-10-17 | N/A | 5.3 MEDIUM |
| The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-43559 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-17 | N/A | 6.5 MEDIUM |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | |||||
| CVE-2024-43558 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-17 | N/A | 6.5 MEDIUM |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | |||||
| CVE-2024-43557 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-17 | N/A | 6.5 MEDIUM |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | |||||
| CVE-2024-45738 | 1 Splunk | 1 Splunk | 2024-10-17 | N/A | 4.9 MEDIUM |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. | |||||
| CVE-2024-45739 | 1 Splunk | 1 Splunk | 2024-10-17 | N/A | 4.9 MEDIUM |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. | |||||
| CVE-2024-45740 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-17 | N/A | 5.4 MEDIUM |
| In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. | |||||
| CVE-2024-45741 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-17 | N/A | 5.4 MEDIUM |
| In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user. | |||||
| CVE-2024-45731 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-10-17 | N/A | 8.0 HIGH |
| In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. | |||||
| CVE-2024-45732 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-17 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data. | |||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2024-10-17 | N/A | 6.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | |||||
| CVE-2024-9464 | 1 Paloaltonetworks | 1 Expedition | 2024-10-17 | N/A | 6.5 MEDIUM |
| An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | |||||
| CVE-2024-47044 | 2024-10-17 | N/A | 5.3 MEDIUM | ||
| Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. | |||||
| CVE-2024-45733 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-10-16 | N/A | 8.8 HIGH |
| In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration. | |||||