Total
31174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39772 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-01 | 3.7 Low |
| Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. | ||||
| CVE-2024-44156 | 1 Apple | 1 Macos | 2024-11-01 | 7.1 High |
| A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. | ||||
| CVE-2024-44122 | 1 Apple | 1 Macos | 2024-11-01 | 8.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox. | ||||
| CVE-2024-40867 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2024-11-01 | 8.8 High |
| A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | ||||
| CVE-2024-10460 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2024-10-31 | 5.4 Medium |
| The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2024-10458 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2024-10-31 | 6.5 Medium |
| A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2022-30357 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 9.8 Critical |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. | ||||
| CVE-2024-8143 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-10-31 | 4.3 Medium |
| In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history. | ||||
| CVE-2024-48227 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 7.5 High |
| Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). | ||||
| CVE-2024-48225 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.1 Critical |
| Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. | ||||
| CVE-2024-44203 | 1 Apple | 1 Macos | 2024-10-31 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library. | ||||
| CVE-2024-21251 | 1 Oracle | 2 Database - Java Vm, Database Server | 2024-10-31 | 3.1 Low |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2024-21233 | 1 Oracle | 2 Database - Core, Database Server | 2024-10-31 | 4.3 Medium |
| Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2024-7974 | 1 Google | 1 Chrome | 2024-10-30 | 6.3 Medium |
| Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2024-7531 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | 6.3 Medium |
| Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | ||||
| CVE-2024-44274 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-10-30 | 4.6 Medium |
| The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2024-44262 | 1 Apple | 1 Visionos | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information. | ||||
| CVE-2024-44254 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. | ||||
| CVE-2024-44215 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory. | ||||
| CVE-2024-49373 | 1 Nofusscomputing | 1 Centurion Erp | 2024-10-30 | 4.1 Medium |
| No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem. | ||||