Total
29332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32647 | 1 Vyperlang | 1 Vyper | 2025-01-02 | 5.3 Medium |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist. | ||||
| CVE-2024-32649 | 1 Vyperlang | 1 Vyper | 2025-01-02 | 5.3 Medium |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available. | ||||
| CVE-2023-3228 | 1 Fossbilling | 1 Fossbilling | 2025-01-02 | 5.7 Medium |
| Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | ||||
| CVE-2023-0837 | 3 Apple, Microsoft, Teamviewer | 3 Macos, Windows, Remote | 2025-01-02 | 6.6 Medium |
| An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. | ||||
| CVE-2024-2150 | 2 Munyweki, Sourcecodester | 2 Insurance Management System, Insurance Management System | 2025-01-02 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503. | ||||
| CVE-2023-28603 | 2 Microsoft, Zoom | 2 Windows, Virtual Desktop Infrastructure | 2025-01-02 | 7.7 High |
| Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | ||||
| CVE-2023-28600 | 1 Zoom | 1 Zoom | 2025-01-02 | 5.2 Medium |
| Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. | ||||
| CVE-2022-37959 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2025-01-02 | 6.5 Medium |
| Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | ||||
| CVE-2022-22023 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | 6.6 Medium |
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | ||||
| CVE-2022-26905 | 1 Microsoft | 1 Edge Chromium | 2025-01-02 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-31491 | 1 Fortinet | 1 Fortisandbox | 2025-01-02 | 8.6 High |
| A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. | ||||
| CVE-2023-48789 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | 4.1 Medium |
| A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests. | ||||
| CVE-2022-21899 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-01-02 | 5.5 Medium |
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | ||||
| CVE-2024-7019 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-7282 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-7281 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-7020 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-43461 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-12-31 | 8.8 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-38070 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-31 | 7.8 High |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | ||||
| CVE-2024-38058 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-12-31 | 6.8 Medium |
| BitLocker Security Feature Bypass Vulnerability | ||||