Search Results (2091 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41264 | 1 Casbin | 1 Casdoor | 2024-08-16 | 7.5 High |
| An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method. | ||||
| CVE-2024-40464 | 1 Beego | 1 Beego | 2024-08-15 | 8.8 High |
| An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in the beego/core/logs/smtp.go file. | ||||
| CVE-2024-37015 | 1 Adacore | 1 Ada Web Services | 2024-08-14 | 7.4 High |
| An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers. | ||||
| CVE-2024-42395 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2024-08-12 | 9.8 Critical |
| There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-32765 | | | 2024-08-12 | 4.2 Medium |
| A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QuTS hero h5.1.8.2823 build 20240712 and later. | ||||
| CVE-2024-32865 | 1 Johnsoncontrols | 1 Exacqvision Server | 2024-08-09 | 6.4 Medium |
| Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices. | ||||
| CVE-2024-41432 | 1 Likeshop | 1 Likeshop | 2024-08-08 | 5.3 Medium |
| An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc. | ||||
| CVE-2024-6472 | 2 Redhat, The Document Foundation | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-08-06 | 7.8 High |
| Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5. | ||||
| CVE-2022-0931 | | | 2024-02-08 | 0.0 Low |
| Red Hat Product Security does not consider this to be a vulnerability. Upstream has not acknowledged this issue as a security flaw. | ||||
| CVE-2021-3601 | | | 2023-11-07 | 3.3 Low |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-119646061 | ||||
| CVE-2018-3630 | | | 2023-11-07 | N/A |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | ||||