CVE Daily
← All years

Uncategorized 2024

Page 25/27.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2024-02-28
High

CVE-2021-47028

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rate_info to fix unexpected reporting. [ 1215.161863] Call trace: [ 1215.16430…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2021-47027

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash when the firmware fails to download Fix kernel crash when the firmware is missing or fails to down…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2021-47025

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume In mtk_iommu_runtime_resume always enable the clk, even if m4u_dom is null. Other…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2021-47019

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible invalid register access Disable the interrupt and synchronze for the pending irq handlers to ensure th…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-47018

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top of the address space o…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-47015

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt(), the RX buffers are expected to complete in order. If th…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-47011

In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Sin…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-47006

In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set even…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2021-47004

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in get_victim() In CP disabling mode, there are two issues when using LFS or SSR |…

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2021-47001

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd (and thus enabling more RPC Calls to…

CVSS: 4.7CWE: N/A
Read more
Low

CVE-2021-47000

In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in __fh_to_dentry

CVSS: 3.3CWE: N/A
Read more
Medium

CVE-2021-46997

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry Zenghui reports that booting a kernel with "irqchip.gicv3_pseudo_nmi=1"…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46990

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via a de…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46989

In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151 ("hfsplus: av…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2021-46977

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Disable preemption when probing user return MSRs Disable preemption when probing a user return MSR via RDSMR/WRMSR. If…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46976

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in auto_retire The retire logic uses the 2 lower bits of the pointer to the retire function to store flags. H…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2020-36787

In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled wi…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2020-36784

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2020-36783

In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2020-36782

In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on ret…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2020-36781

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pm_runtime_get_sync fails In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2020-36780

In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return i…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2020-36779

In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on retur…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2020-36778

In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return i…

CVSS: 5.5CWE: N/A
Read more
Critical

CVE-2023-50735

A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

CVSS: 9.0CWE: CWE-465
Read more
2024-02-27
Medium

CVE-2024-26301

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2021-46974

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the ds…

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2021-46971

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even though it…

CVSS: 3.3CWE: N/A
Read more
Medium

CVE-2021-46970

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue A recent change created a dedicated workqueue for the stat…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46967

In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix vm_flags for virtqueue doorbell mapping The virtqueue doorbell is usually implemented via registeres but we don't…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46963

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueu…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46962

In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmio_mmc_host_free()' call is missing in the remove function, in…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46961

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kerne…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46960

In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS:…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __f…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46953

In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware…

CVSS: 6.7CWE: N/A
Read more
High

CVE-2021-46950

In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2021-46945

In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46942

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix shared sqpoll cancellation hangs [ 736.982891] INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds. […

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46941

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the d…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46926

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before che…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46922

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix TPM reservation for seal/unseal The original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unse…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was c…

CVSS: 5.3CWE: N/A
Read more
High

CVE-2023-7165

The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak bac…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2023-6585

The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

CVSS: 7.5CWE: N/A
Read more
High

CVE-2023-6584

The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2021-46920

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback Current code blindly writes over the SWERR and the OVERFLOW bi…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46919

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq size store permission state WQ size can only be changed when the device is disabled. Current code allows…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46918

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: clear MSIX permission entry on shutdown Add disabling/clearing of MSIX permission entries on device shutdown to…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46914

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix unbalanced device enable/disable in suspend/resume pci_disable_device() called in __ixgbe_shutdown() decreases dev->en…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46913

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: clone set element expression template memcpy() breaks when using connlimit in set elements. Use nft_expr_clo…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46911

In the Linux kernel, the following vulnerability has been resolved: ch_ktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take tx_ctx lock fo…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46910

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled The debugging code for kmap_local() doubles the num…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2021-46908

In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due…

CVSS: 5.5CWE: N/A
Read more
2024-02-26
High

CVE-2023-52474

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can c…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security…

CVSS: 5.9CWE: N/A
Read more
Medium

CVE-2024-26606

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-26602

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing o…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2024-26601

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redun…

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2023-5775

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup…

CVSS: 2.2CWE: N/A
Read more
2024-02-23
Medium

CVE-2024-26596

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this d…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drm_sched_entity_init()--should…

CVSS: 5.3CWE: N/A
Read more
High

CVE-2023-52455

In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed…

CVSS: 5.5CWE: N/A
Read more
2024-02-21
High

CVE-2024-22778

HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2023-52442

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session(…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-42951

The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2023-42946

This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sens…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-42877

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-42858

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2023-42855

This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased dev…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2023-42836

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access co…

CVSS: 5.3CWE: N/A
Read more
High

CVE-2023-42835

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2023-42834

A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app ma…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2024-1674

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Me…

CVSS: 8.8CWE: N/A
Read more
Medium

CVE-2024-0407

Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions m…

CVSS: 6.5CWE: N/A
Read more
2024-02-20
High

CVE-2023-52436

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2024-1549

If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulne…

CVSS: 6.1CWE: N/A
Read more
Medium

CVE-2024-1548

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Fir…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ```…

CVSS: 6.5CWE: N/A
Read more
2024-02-18
Medium

CVE-2023-52380

Vulnerability of improper access control in the email module.Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2023-52363

Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake.

CVSS: 5.3CWE: N/A
Read more
Medium

CVE-2023-52358

Vulnerability of configuration defects in some APIs of the audio module.Successful exploitation of this vulnerability may affect availability.

CVSS: 6.2CWE: N/A
Read more
2024-02-17
High

CVE-2024-22727

Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB.

CVSS: 8.3CWE: N/A
Read more
High

CVE-2023-31728

Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only a…

CVSS: 7.0CWE: N/A
Read more
Medium

CVE-2024-20984

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to expl…

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2024-20982

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabi…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2024-20980

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allo…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2024-20974

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabi…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2024-20970

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabi…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2024-20960

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2024-20958

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulne…

CVSS: 5.4CWE: N/A
Read more
High

CVE-2024-20956

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily…

CVSS: 7.3CWE: N/A
Read more
Medium

CVE-2024-20947

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploit…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2024-20945

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java S…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2024-20939

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulner…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2024-20935

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulne…

CVSS: 6.1CWE: N/A
Read more
Low

CVE-2024-20925

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM E…

CVSS: 3.1CWE: N/A
Read more
Medium

CVE-2024-20919

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE…

CVSS: 5.9CWE: N/A
Read more
High

CVE-2024-20917

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to explo…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2024-20913

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily expl…

CVSS: 5.4CWE: N/A
Read more
High

CVE-2024-20909

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2024-20907

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploit…

CVSS: 6.1CWE: N/A
Read more
Medium

CVE-2024-20903

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker…

CVSS: 6.5CWE: N/A
Read more
2024-02-16
Low

CVE-2023-40122

In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution pr…

CVSS: 3.3CWE: N/A
Read more
2024-02-15
Medium

CVE-2024-0708

The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes…

CVSS: 5.3CWE: N/A
Read more
Low

CVE-2024-25941

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get infor…

CVSS: 3.3CWE: N/A
Read more
2024-02-14
High

CVE-2023-6138

A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP…

CVSS: 7.9CWE: N/A
Read more
Medium

CVE-2023-35003

Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 6.7CWE: CWE-249
Read more
Medium

CVE-2023-30767

Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 5.5CWE: CWE-92
Read more
Medium

CVE-2023-27308

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 4.6CWE: CWE-92
Read more
Low

CVE-2023-27307

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 3.8CWE: CWE-92
Read more
Low

CVE-2023-27300

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 3.8CWE: CWE-92
Read more
Medium

CVE-2023-24589

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: 6.1CWE: CWE-92
Read more
Medium

CVE-2023-22390

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 6.5CWE: CWE-92
Read more
Medium

CVE-2024-23784

Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2024-24699

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

CVSS: 6.5CWE: N/A
Read more
2024-02-13
Medium

CVE-2023-5680

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This is…

CVSS: 5.3CWE: N/A
Read more
2024-02-12
Medium

CVE-2023-28018

HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial…

CVSS: 5.5CWE: N/A
Read more
>