Export limit exceeded: 337654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337654 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44196 | 1 Apple | 1 Macos | 2024-11-14 | 7.5 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-46951 | 4 Artifex, Debian, Redhat and 1 more | 6 Ghostscript, Debian Linux, Enterprise Linux and 3 more | 2024-11-14 | 7.8 High |
| An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. | ||||
| CVE-2024-46952 | 3 Artifex, Debian, Redhat | 3 Ghostscript, Debian Linux, Enterprise Linux | 2024-11-14 | 8.4 High |
| An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). | ||||
| CVE-2024-46953 | 4 Artifex, Debian, Redhat and 1 more | 6 Ghostscript, Debian Linux, Enterprise Linux and 3 more | 2024-11-14 | 7.8 High |
| An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | ||||
| CVE-2024-47648 | 1 Theeventprime | 1 Eventprime | 2024-11-14 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5. | ||||
| CVE-2024-46955 | 3 Artifex, Debian, Suse | 5 Ghostscript, Debian Linux, Linux Enterprise High Performance Computing and 2 more | 2024-11-14 | 5.5 Medium |
| An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. | ||||
| CVE-2024-47604 | 1 Microsoft | 1 Nugetgallery | 2024-11-13 | 8.2 High |
| NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser. | ||||
| CVE-2024-50310 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2024-11-13 | 7.5 High |
| A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem. | ||||
| CVE-2024-47942 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | 7.3 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. | ||||
| CVE-2024-47941 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-47940 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-47808 | 1 Siemens | 1 Sinec Nms | 2024-11-13 | 8.4 High |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system. | ||||
| CVE-2024-47783 | 1 Siemens | 2 Siport, Siport Mp | 2024-11-13 | 7.8 High |
| A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges. | ||||
| CVE-2024-46892 | 1 Siemens | 1 Sinec Ins | 2024-11-13 | 4.9 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled. | ||||
| CVE-2024-46890 | 2 Seimens, Siemens | 2 Sinec Ins, Sinec Ins | 2024-11-13 | 9.1 Critical |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. | ||||
| CVE-2024-46889 | 2 Seimens, Siemens | 2 Sinec Ins, Sinec Ins | 2024-11-13 | 5.3 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files. | ||||
| CVE-2024-46888 | 2 Seimens, Siemens | 2 Sinec Ins, Sinec Ins | 2024-11-13 | 9.9 Critical |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device. | ||||
| CVE-2024-11061 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-11-13 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11058 | 2 Codeastro, Surajkumarvishwakarma | 2 Real Estate Management System, Real Estate Management System | 2024-11-13 | 4.7 Medium |
| A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7434 | 2 Ultrapress, Ultrapressorg | 2 Ultrapress, Ultrapress | 2024-11-13 | 8.8 High |
| The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||