Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39325 | 1 Aimeos | 1 Aimeos Frontend Controller | 2024-11-21 | 5.3 Medium |
| aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue. | ||||
| CVE-2024-37296 | 2024-11-21 | 5.3 Medium | ||
| The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue. | ||||
| CVE-2024-0410 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict. | ||||
| CVE-2023-5921 | 1 Decesoftware | 1 Geodi | 2024-11-21 | 7.1 High |
| Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396. | ||||
| CVE-2023-4181 | 1 Mayurik | 1 Free Hospital Management System For Small Practices | 2024-11-21 | 5.4 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216. | ||||
| CVE-2023-48951 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2020-9925 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-11-21 | 6.1 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2020-9850 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-11-21 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. | ||||
| CVE-2020-9805 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-11-21 | 7.1 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2020-9802 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-11-21 | 8.8 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2020-7955 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.3 Medium |
| HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | ||||
| CVE-2020-2655 | 3 Debian, Oracle, Redhat | 5 Debian Linux, Jdk, Jre and 2 more | 2024-11-21 | 4.8 Medium |
| Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2019-9946 | 4 Cncf, Kubernetes, Netapp and 1 more | 5 Portmap, Kubernetes, Cloud Insights and 2 more | 2024-11-21 | N/A |
| Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. | ||||
| CVE-2018-9258 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. | ||||
| CVE-2024-46307 | 2 Nanjing Xingyuantu Technology, Sparkshop | 2 Sparkshop, Sparkshop | 2024-10-15 | 7.5 High |
| A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. | ||||