Export limit exceeded: 11369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11369 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39376 | 1 Markoni | 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more | 2024-11-21 | 9.8 Critical |
| TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions. | ||||
| CVE-2024-39361 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 3.1 Low |
| Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken functionality in the channel or thread with user-defined posts | ||||
| CVE-2024-38437 | 1 Dlink | 2 Dsl-225, Dsl-225 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel | ||||
| CVE-2024-38433 | 1 Nuvoton | 8 Npcm705r, Npcm705r Firmware, Npcm710r and 5 more | 2024-11-21 | 6.7 Medium |
| Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. | ||||
| CVE-2024-38279 | 2 Motorola, Motorolasolutions | 3 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware, Vigilant Fixed Lpr Coms Box Bcav1f2 C600 | 2024-11-21 | 4.6 Medium |
| The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | ||||
| CVE-2024-37999 | 1 Siemens | 1 Medicalis Workflow Orchestrator | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. | ||||
| CVE-2024-37884 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3. | ||||
| CVE-2024-37883 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.3 Medium |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1. | ||||
| CVE-2024-37882 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4. | ||||
| CVE-2024-37677 | 2 Access Management Specialist Project, Shenzhenweitillage | 2 Access Management Specialist, Access Management Specialist | 2024-11-21 | 7.5 High |
| An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. | ||||
| CVE-2024-37367 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | 7.5 High |
| A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification. | ||||
| CVE-2024-37317 | 1 Nextcloud | 1 Notes | 2024-11-21 | 4.6 Medium |
| The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3. | ||||
| CVE-2024-37315 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3. | ||||
| CVE-2024-37314 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2. | ||||
| CVE-2024-37154 | 1 Evmos | 1 Evmos | 2024-11-21 | 5.3 Medium |
| Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 and earlier. | ||||
| CVE-2024-37152 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 5.3 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. | ||||
| CVE-2024-36399 | 1 Kanboard | 1 Kanboard | 2024-11-21 | 8.2 High |
| Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37. | ||||
| CVE-2024-36257 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 2.7 Low |
| Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to the server A. | ||||
| CVE-2024-35670 | 1 Softlabbd | 1 Integrate Google Drive | 2024-11-21 | 5.3 Medium |
| Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.93. | ||||
| CVE-2024-34596 | 1 Samsung | 1 Smartthings | 2024-11-21 | 5.9 Medium |
| Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. | ||||