Total
35574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31366 | 1 Amd | 1 Uprof | 2024-12-12 | 3.3 Low |
| Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | ||||
| CVE-2024-1299 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 6.5 Medium |
| A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges. | ||||
| CVE-2024-11961 | 2 Guangzhou Huayi Intelligent Technology, Huayi-tec | 2 Jeewms, Jeewms | 2024-12-11 | 5.3 Medium |
| A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-23662 | 1 Fortinet | 1 Fortios | 2024-12-11 | 5 Medium |
| An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests. | ||||
| CVE-2023-35866 | 1 Keepassxc | 1 Keepassxc | 2024-12-11 | 5.5 Medium |
| In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker." | ||||
| CVE-2023-35853 | 1 Oisf | 1 Suricata | 2024-12-11 | 9.8 Critical |
| In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section. | ||||
| CVE-2023-29546 | 1 Mozilla | 2 Firefox, Firefox Focus | 2024-12-11 | 6.5 Medium |
| When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. | ||||
| CVE-2023-25736 | 1 Mozilla | 1 Firefox | 2024-12-11 | 9.8 Critical |
| An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110. | ||||
| CVE-2019-25136 | 1 Mozilla | 1 Firefox | 2024-12-11 | 10 Critical |
| A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | ||||
| CVE-2023-29545 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-12-11 | 6.5 Medium |
| Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | ||||
| CVE-2023-29542 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-12-11 | 9.8 Critical |
| A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | ||||
| CVE-2023-29534 | 1 Mozilla | 2 Firefox, Firefox Focus | 2024-12-11 | 9.1 Critical |
| Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. | ||||
| CVE-2023-29532 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-12-11 | 5.5 Medium |
| A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | ||||
| CVE-2024-32989 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 3.3 Low |
| Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32990 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 6.1 Medium |
| Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32991 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 7.5 High |
| Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32992 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 7.5 High |
| Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32993 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 5.6 Medium |
| Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32995 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 6.2 Medium |
| Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | 9.8 Critical |
| In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | ||||