ID | CVSS | Summary | Last (major) update | Published
CVE-2021-31156 | None | Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2023-33528 | None | halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2023-50969 | None | Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2024-24407 | None | SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2024-28456 | None | Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2024-28714 | None | SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2024-29316 | None | NodeBB 3.6.7 is vulnerable to Incorrect Access Control. | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2024-29489 | None | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. | 28-03-2024 - 23:15 | 28-03-2024 - 23:15
CVE-2024-24399 | None | An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows authenticated attackers to execute arbitrary code via uploading a crafted PHP file. | 28-03-2024 - 23:15 | 25-01-2024 - 21:15
CVE-2023-25341 | None | A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests. | 28-03-2024 - 22:15 | 28-03-2024 - 22:15
CVE-2024-23727 | None | The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | 28-03-2024 - 21:16 | 28-03-2024 - 21:16
CVE-2024-25506 | None | Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. | 28-03-2024 - 20:53 | 28-03-2024 - 20:15
CVE-2024-28090 | None | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. | 28-03-2024 - 20:53 | 28-03-2024 - 20:15
CVE-2024-28091 | None | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion | 28-03-2024 - 20:53 | 28-03-2024 - 20:15
CVE-2024-25961 | None | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 28-03-2024 - 20:53 | 28-03-2024 - 18:15
CVE-2024-25971 | None | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-27719 | None | A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-28713 | None | An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-31063 | None | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-31064 | None | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-25959 | None | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosu | 28-03-2024 - 20:53 | 28-03-2024 - 18:15
CVE-2024-25952 | None | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tamperin | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-25954 | None | Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-25960 | None | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-2947 | None | A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-25946 | None | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the ea | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-25953 | None | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tamperin | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-25955 | None | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the ea | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-25963 | None | Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-31061 | None | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-31062 | None | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-31065 | None | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2024-3019 | None | A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By de | 28-03-2024 - 20:53 | 28-03-2024 - 19:15
CVE-2023-40390 | None | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42930 | None | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42950 | None | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code exec | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42956 | None | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42962 | None | This issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42974 | None | A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code w | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42892 | None | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42896 | None | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected pa | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42913 | None | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42893 | None | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Son | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42936 | None | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sen | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42947 | None | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2023-42931 | None | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication. | 28-03-2024 - 20:53 | 28-03-2024 - 16:15
CVE-2020-36772 | None | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. | 28-03-2024 - 19:15 | 22-01-2024 - 15:15
CVE-2020-36771 | None | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | 28-03-2024 - 19:15 | 22-01-2024 - 14:15
CVE-2023-29162 | None | Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | 28-03-2024 - 16:15 | 14-02-2024 - 14:15
CVE-2018-8822 | 7.2 | Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicio | 28-03-2024 - 16:08 | 20-03-2018 - 17:29