Weekly Vulnerabilities Reports > February 12 to 18, 2024
Overview
275 new vulnerabilities were reported during this period, including 36 critical and 127 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 98 products from 39 vendors, including Microsoft, Adobe, Dell, Siemens, and Oracle. The most common weakness categories are "Cross-site Scripting", "SQL Injection", "OS Command Injection", "Out-of-bounds Write", and "Out-of-bounds Read".
- 171 reported vulnerabilities are remotely exploitable.
- 82 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 158 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 68.
- GitHub has the most reported critical vulnerabilities, with 6.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
36 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-02-15 | CVE-2023-5155 | Utarit Information Technologies | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. | 9.8 |
2024-02-15 | CVE-2023-7081 | POSTAHSIL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSIL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | 9.8 |
2024-02-15 | CVE-2024-23113 | Fortinet | Use of Externally-Controlled Format String vulnerability in Fortinet products A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. | 9.8 |
2024-02-15 | CVE-2024-20738 | Adobe | Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. | 9.8 |
2024-02-15 | CVE-2024-26260 | HGiga | The synchronization functionality in certain modules of HGiga OAKlouds has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. | 9.8 |
2024-02-15 | CVE-2024-26261 | HGiga | The file download functionality in certain modules of HGiga OAKlouds contains an Arbitrary File Read and Delete vulnerability. | 9.8 |
2024-02-15 | CVE-2024-26264 | EBM Technologies | A specific query function parameter in EBM Technologies RISWEB does not properly restrict user input, and the feature page is accessible without login. | 9.8 |
2024-02-14 | CVE-2024-25214 | Sherlock | SQL Injection vulnerability in Sherlock Employee Management System 1.0 An issue in Employee Management System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. | 9.8 |
2024-02-14 | CVE-2024-25215 | Sherlock | SQL Injection vulnerability in Sherlock Employee Management System 1.0 Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | 9.8 |
2024-02-14 | CVE-2024-25216 | Sherlock | SQL Injection vulnerability in Sherlock Employee Management System 1.0 Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. | 9.8 |
2024-02-14 | CVE-2024-25220 | Task Manager IN PHP With Source Code Project | SQL Injection vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0 Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. | 9.8 |
2024-02-14 | CVE-2024-25222 | Task Manager IN PHP With Source Code Project | SQL Injection vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0 Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | 9.8 |
2024-02-14 | CVE-2023-6441 | UNI-PA | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. | 9.8 |
2024-02-13 | CVE-2024-21413 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 9.8 |
2024-02-13 | CVE-2024-21401 | Microsoft | Unspecified vulnerability in Microsoft Entra Jira SSO Plugin Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | 9.8 |
2024-02-13 | CVE-2024-21410 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.8 |
2024-02-13 | CVE-2024-22923 | Advradius | SQL Injection vulnerability in Advradius ADV Radius 2.2.5 SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | 9.8 |
2024-02-13 | CVE-2024-23816 | Siemens | A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). | 9.8 |
2024-02-12 | CVE-2024-23759 | Gambio | Deserialization of Untrusted Data vulnerability in Gambio 4.9.2.0 (listed in this report's category as Unrestricted Upload of File with Dangerous Type) Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the Parcelshopfinder/AddAddressBookEntry function. | 9.8 |
2024-02-12 | CVE-2024-23761 | Gambio | Server-Side Template Injection vulnerability in Gambio 4.9.2.0 (listed in this report's category as Server-Side Request Forgery (SSRF)) Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template. | 9.8 |
2024-02-12 | CVE-2024-23763 | Gambio | SQL Injection vulnerability in Gambio 4.9.2.0 SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 9.8 |
2024-02-15 | CVE-2024-23476 | Solarwinds | Path Traversal vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. | 9.6 |
2024-02-15 | CVE-2024-23477 | Solarwinds | Path Traversal vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. | 9.6 |
2024-02-15 | CVE-2024-23479 | Solarwinds | Path Traversal vulnerability in Solarwinds Access Rights Manager SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. | 9.6 |
2024-02-13 | CVE-2024-21364 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | 9.3 |
2024-02-15 | CVE-2024-20719 | Adobe | Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. | 9.1 |
2024-02-15 | CVE-2024-20720 | Adobe | OS Command Injection vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. | 9.1 |
2024-02-13 | CVE-2024-1355 | Github | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. | 9.1 |
2024-02-13 | CVE-2024-1359 | Github | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. | 9.1 |
2024-02-13 | CVE-2024-1369 | Github | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. | 9.1 |
2024-02-13 | CVE-2024-1372 | Github | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. | 9.1 |
2024-02-13 | CVE-2024-1374 | Github | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. | 9.1 |
2024-02-13 | CVE-2024-1378 | Github | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. | 9.1 |
2024-02-15 | CVE-2023-40057 | Solarwinds | Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. | 9.0 |
2024-02-13 | CVE-2024-21376 | Microsoft | Unspecified vulnerability in Microsoft Azure Kubernetes Service Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | 9.0 |
2024-02-13 | CVE-2024-21403 | Microsoft | Unspecified vulnerability in Microsoft Azure Kubernetes Service Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 9.0 |
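The overview's per-vendor figures (Microsoft 68 overall, GitHub 6 critical) can be re-derived from the tables rather than taken on trust. The Python below is an added example, not part of the original report or of any vendor's tooling: it parses rows in the layout this page uses (five cells, or four cells plus an empty trailing cell where the vendor column is missing, with a literal "|" occasionally inside a product name), buckets each row by CVSS v3 rating band, and ranks vendors by critical count. All function and class names are the example's own, and the embedded sample is a constructed subset of rows copied from the tables with shortened summaries.

```python
"""Parse the weekly report's vulnerability tables into records and re-derive
the per-vendor counts. Added example; assumes the row layout seen on this page."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: rows copied (with shortened summaries) from the
# report's critical and medium tables, in both layouts the page uses: five
# cells (vendor present) and four cells plus an empty trailing cell (vendor
# missing). One summary contains a literal "|", as the Brooklyn theme row does.
SAMPLE_REPORT = """\
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-02-15 | CVE-2023-5155 | SQL Injection in Utarit SoliPay Mobile App before 5.0.8 | 9.8 | |
2024-02-13 | CVE-2024-21413 | Microsoft | Microsoft Outlook Remote Code Execution Vulnerability | 9.8 |
2024-02-13 | CVE-2024-21410 | Microsoft | Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.8 |
2024-02-15 | CVE-2024-23476 | Solarwinds | Directory Traversal RCE in Access Rights Manager | 9.6 |
2024-02-13 | CVE-2024-1355 | Github | Command injection in GHES Management Console (service URL) | 9.1 |
2024-02-13 | CVE-2024-1359 | Github | Command injection in GHES Management Console (HTTP proxy) | 9.1 |
2024-02-13 | CVE-2024-1369 | Github | Command injection in GHES Management Console (collectd) | 9.1 |
2024-02-13 | CVE-2024-21341 | Microsoft | Windows Kernel Remote Code Execution Vulnerability | 6.8 |
2024-02-12 | CVE-2024-24927 | Unitedthemes | Reflected XSS in Brooklyn | Creative Multi-Purpose Responsive WordPress Theme through 4.9.7.6 | 6.1 |
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
CVSS_RE = re.compile(r"^(10(\.0)?|\d(\.\d)?)$")


@dataclass(frozen=True)
class Entry:
    date: str
    cve: str
    vendor: str      # "" when the report row carries no vendor cell
    summary: str
    cvss: float


def severity(cvss: float) -> str:
    """CVSS v3.x qualitative rating bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low" if cvss > 0 else "none"


def parse_row(line: str):
    """Return an Entry for a data row, or None for headers, separators and junk."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    while cells and cells[-1] == "":      # vendor-less rows end in "| |"
        cells.pop()
    if len(cells) < 4:
        return None
    date, cve, cvss = cells[0], cells[1], cells[-1]
    if not CVE_RE.match(cve) or not CVSS_RE.match(cvss):
        return None
    if len(cells) == 4:
        vendor, summary = "", cells[2]
    else:
        # Five or more cells: cell 3 is the vendor and any extra "|" belongs to
        # the summary (the Brooklyn theme row has one). A vendor-less row whose
        # summary contains "|" would be indistinguishable from this layout and
        # misread; the page has no such row.
        vendor, summary = cells[2], " | ".join(cells[3:-1])
    return Entry(date, cve, vendor, summary, float(cvss))


def parse_report(text: str) -> list:
    return [e for e in (parse_row(line) for line in text.splitlines()) if e]


def count_by_vendor(entries, rating="critical") -> Counter:
    """Number of entries per vendor at the given qualitative rating."""
    return Counter(e.vendor for e in entries if severity(e.cvss) == rating)


def top_vendor(entries, rating="critical"):
    """(vendor, count) with the most entries at that rating; rows whose vendor
    cell is missing stay in the totals but are excluded from the ranking."""
    counts = count_by_vendor(entries, rating)
    counts.pop("", None)
    return counts.most_common(1)[0] if counts else None


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for vendor, n in count_by_vendor(rows).most_common():
        print(f"{vendor or '(no vendor cell)':<20} {n} critical")
    print("top:", top_vendor(rows))
```

Run over the full page text instead of the constructed sample, the same functions give the counts the overview states; the blank-vendor handling matters because several rows on the page (Utarit, HGiga, EBM Technologies, and a number of Oracle rows) arrived without a vendor cell, and a naive split would either shift their columns or surface an empty string as a vendor.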
127 High Vulnerabilities
105 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-02-13 | CVE-2024-21341 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Remote Code Execution Vulnerability | 6.8 |
2024-02-13 | CVE-2024-21381 | Microsoft | Unspecified vulnerability in Microsoft Azure Active Directory Microsoft Azure Active Directory B2C Spoofing Vulnerability | 6.8 |
2024-02-17 | CVE-2024-20903 | Oracle | Vulnerability in the Java VM component of Oracle Database Server. | 6.5 |
2024-02-17 | CVE-2024-20929 | Oracle | Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). | 6.5 |
2024-02-17 | CVE-2024-20960 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). | 6.5 |
2024-02-17 | CVE-2024-20962 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2024-02-15 | CVE-2024-20718 | Adobe | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. | 6.5 |
2024-02-13 | CVE-2024-20679 | Microsoft | Unspecified vulnerability in Microsoft Azure Stack HUB Azure Stack Hub Spoofing Vulnerability | 6.5 |
2024-02-13 | CVE-2024-20684 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Denial of Service Vulnerability | 6.5 |
2024-02-13 | CVE-2024-21356 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 6.5 |
2024-02-13 | CVE-2023-48363 | Siemens | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). | 6.5 |
2024-02-13 | CVE-2023-48364 | Siemens | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). | 6.5 |
2024-02-12 | CVE-2024-1250 | Gitlab | Unspecified vulnerability in Gitlab 16.8.0 An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. | 6.5 |
2024-02-12 | CVE-2024-22221 | Dell | SQL Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120 Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. | 6.5 |
2024-02-12 | CVE-2024-22226 | Dell | Path Traversal vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120 Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. | 6.5 |
2024-02-13 | CVE-2024-21339 | Microsoft | Unspecified vulnerability in Microsoft products Windows USB Generic Parent Driver Remote Code Execution Vulnerability | 6.4 |
2024-02-13 | CVE-2024-23440 | | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 bytes of memory from an arbitrary user-supplied pointer. | 6.3 |
2024-02-17 | CVE-2024-20907 | Oracle | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). | 6.1 |
2024-02-17 | CVE-2024-20933 | Oracle | Unspecified vulnerability in Oracle Installed Base Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). | 6.1 |
2024-02-17 | CVE-2024-20935 | Oracle | Unspecified vulnerability in Oracle Installed Base Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). | 6.1 |
2024-02-17 | CVE-2024-20941 | Oracle | Unspecified vulnerability in Oracle Installed Base Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). | 6.1 |
2024-02-17 | CVE-2024-20949 | Oracle | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). | 6.1 |
2024-02-17 | CVE-2024-20951 | Oracle | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). | 6.1 |
2024-02-17 | CVE-2024-20986 | Oracle | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 6.1 |
2024-02-15 | CVE-2023-26206 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortinac An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | 6.1 |
2024-02-14 | CVE-2024-25218 | Task Manager IN PHP With Source Code Project | Cross-site Scripting vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0 A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. | 6.1 |
2024-02-14 | CVE-2024-25219 | Task Manager IN PHP With Source Code Project | Cross-site Scripting vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0 A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. | 6.1 |
2024-02-14 | CVE-2024-25221 | Task Manager IN PHP With Source Code Project | Cross-site Scripting vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0 A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. | 6.1 |
2024-02-14 | CVE-2023-48985 | Cusg | Cross-site Scripting vulnerability in Cusg Content Management System Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. | 6.1 |
2024-02-14 | CVE-2023-48986 | Cusg | Cross-site Scripting vulnerability in Cusg Content Management System Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component. | 6.1 |
2024-02-12 | CVE-2024-24889 | Geekcodelab | Cross-site Scripting vulnerability in Geekcodelab ALL 404 Pages Redirect to Homepage Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9. | 6.1 |
2024-02-12 | CVE-2024-24927 | Unitedthemes | Cross-site Scripting vulnerability in Unitedthemes Brooklyn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 6.1 |
2024-02-12 | CVE-2024-24932 | Zixn | Cross-site Scripting vulnerability in Zixn VK Poster Group Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3. | 6.1 |
2024-02-12 | CVE-2024-24933 | Prasidhdamalla | Cross-site Scripting vulnerability in Prasidhdamalla Honeypot for WP Comment Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | 6.1 |
2024-02-17 | CVE-2024-20919 | Oracle | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). | 5.9 |
2024-02-17 | CVE-2024-20921 | Oracle | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). | 5.9 |
2024-02-13 | CVE-2024-21344 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network Address Translation (NAT) Denial of Service Vulnerability | 5.9 |
2024-02-13 | CVE-2024-20695 | Microsoft | Unspecified vulnerability in Microsoft Skype for Business Server 2019 Skype for Business Information Disclosure Vulnerability | 5.7 |
2024-02-15 | CVE-2024-20733 | Adobe | Improper Input Validation vulnerability in Adobe products Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. | 5.5 |
2024-02-15 | CVE-2024-20734 | Adobe | Use After Free vulnerability in Adobe products Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20735 | Adobe | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20736 | Adobe | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20747 | Adobe | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20748 | Adobe | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20749 | Adobe | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20722 | Adobe | Out-of-bounds Read vulnerability in Adobe Substance 3D Painter Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20724 | Adobe | Out-of-bounds Read vulnerability in Adobe Substance 3D Painter Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-15 | CVE-2024-20725 | Adobe | Out-of-bounds Read vulnerability in Adobe Substance 3D Painter Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-02-13 | CVE-2024-21362 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Security Feature Bypass Vulnerability | 5.5 |
2024-02-13 | CVE-2024-21377 | Microsoft | Unspecified vulnerability in Microsoft products Windows DNS Information Disclosure Vulnerability | 5.5 |
2024-02-13 | CVE-2024-1096 | Filseclab | NULL Pointer Dereference vulnerability in Filseclab Twister Antivirus 8.17 Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB, 0x801120CC, 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver. | 5.5 |
2024-02-13 | CVE-2024-1140 | Filseclab | Out-of-bounds Read vulnerability in Filseclab Twister Antivirus 8.17 Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. | 5.5 |
2024-02-13 | CVE-2024-23799 | Siemens | NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation 2201.0/2302.0/2302.0004 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). | 5.5 |
2024-02-13 | CVE-2024-23800 | Siemens | NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation 2201.0/2302.0/2302.0004 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). | 5.5 |
2024-02-13 | CVE-2024-23801 | Siemens | NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation 2201.0/2302.0/2302.0004 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). | 5.5 |
2024-02-12 | CVE-2023-52429 | Linux Fedoraproject | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. | 5.5 |
2024-02-12 | CVE-2024-25739 | Linux | Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | 5.5 |
2024-02-12 | CVE-2024-25740 | Linux | Memory Leak vulnerability in Linux Kernel A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. | 5.5 |
2024-02-12 | CVE-2024-25741 | Linux | Unspecified vulnerability in Linux Kernel printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | 5.5 |
2024-02-17 | CVE-2024-20913 | Oracle | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). | 5.4 |
2024-02-17 | CVE-2024-20943 | Oracle | Unspecified vulnerability in Oracle Knowledge Management Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). | 5.4 |
2024-02-17 | CVE-2024-20947 | Oracle | Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). | 5.4 |
2024-02-17 | CVE-2024-20958 | Oracle | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). | 5.4 |
2024-02-17 | CVE-2024-20980 | Oracle | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). | 5.4 |
2024-02-15 | CVE-2024-20717 | Adobe | Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-02-14 | CVE-2024-25207 | Barangay Management System Project | Cross-site Scripting vulnerability in Barangay Management System Project Barangay Management System 1.0 Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. | 5.4 |
2024-02-14 | CVE-2024-25208 | Barangay Management System Project | Cross-site Scripting vulnerability in Barangay Management System Project Barangay Management System 1.0 Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. | 5.4 |
2024-02-12 | CVE-2024-0169 | Dell | Cross-site Scripting vulnerability in Dell Unity Operating Environment Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. | 5.4 |
2024-02-12 | CVE-2024-22230 | Dell | Cross-site Scripting vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120 Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. | 5.4 |
2024-02-12 | CVE-2023-50875 | Automattic | Cross-site Scripting vulnerability in Automattic Sensei LMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | 5.4 |
2024-02-12 | CVE-2023-51403 | Nicdark | Cross-site Scripting vulnerability in Nicdark Restaurant Reservations Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 1.8. | 5.4 |
2024-02-12 | CVE-2024-24928 | Content Cards Project | Cross-site Scripting vulnerability in Content Cards Project Content Cards Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS. This issue affects Content Cards: from n/a through 0.9.7. | 5.4 |
2024-02-12 | CVE-2024-24930 | Otwthemes | Cross-site Scripting vulnerability in Otwthemes Buttons Shortcode and Widget Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS. This issue affects Buttons Shortcode and Widget: from n/a through 1.16. | 5.4 |
2024-02-12 | CVE-2024-24931 | Swadeshswain | Cross-site Scripting vulnerability in Swadeshswain Before After Image Slider Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2. | 5.4 |
2024-02-17 | CVE-2024-20915 | Oracle | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). | 5.3 |
2024-02-17 | CVE-2024-20964 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 5.3 |
2024-02-15 | CVE-2024-26263 | EBM Technologies | A specific URL path in EBM Technologies RISWEB is not properly permission-controlled, allowing attackers to browse specific pages and query sensitive data without login. | 5.3 |
2024-02-13 | CVE-2024-21397 | Microsoft | Unspecified vulnerability in Microsoft Azure File Sync Microsoft Azure File Sync Elevation of Privilege Vulnerability | 5.3 |
2024-02-13 | CVE-2023-5680 | If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. | 5.3 | |
2024-02-12 | CVE-2024-1459 | Redhat | Path Traversal: '../filedir' vulnerability in Redhat Undertow A path traversal vulnerability was found in Undertow. | 5.3 |
2024-02-15 | CVE-2023-44253 | Fortinet | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | 5.0 |
2024-02-13 | CVE-2024-21374 | Microsoft | Unspecified vulnerability in Microsoft Teams 1.0.0.2023070204 Microsoft Teams for Android Information Disclosure Vulnerability | 5.0 |
2024-02-17 | CVE-2024-20966 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2024-02-17 | CVE-2024-20970 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2024-02-17 | CVE-2024-20972 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2024-02-17 | CVE-2024-20974 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2024-02-17 | CVE-2024-20976 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2024-02-17 | CVE-2024-20978 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2024-02-17 | CVE-2024-20982 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2024-02-15 | CVE-2024-20716 | Adobe | Resource Exhaustion vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6: Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. | 4.9 |
2024-02-17 | CVE-2024-25297 | Bludit | Cross-site Scripting vulnerability in Bludit 3.15.0: a Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15 allows remote attackers to execute arbitrary web script in a victim's browser and obtain sensitive information via edit-content.php. | 4.8 |
2024-02-15 | CVE-2023-47537 | Fortinet | Improper Certificate Validation vulnerability in Fortinet FortiOS: an improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | 4.8 |
2024-02-14 | CVE-2024-25300 | Redaxo | Cross-site Scripting vulnerability in Redaxo 5.15.1: a cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | 4.8 |
2024-02-12 | CVE-2023-47526 | AYS PRO | Cross-site Scripting vulnerability in Ays-Pro Chartify 2.0.6: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6. | 4.8 |
2024-02-17 | CVE-2024-20945 | Oracle | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). | 4.7 |
2024-02-13 | CVE-2024-21340 | Microsoft | Windows Kernel Information Disclosure Vulnerability | 4.6 |
2024-02-12 | CVE-2022-22506 | IBM | IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. | 4.6 |
2024-02-17 | CVE-2024-20968 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). | 4.4 |
2024-02-17 | CVE-2024-20984 | Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Firewall). | 4.4 |
2024-02-17 | CVE-2023-21833 | Oracle | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). | 4.3 |
2024-02-17 | CVE-2024-20937 | Oracle | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). | 4.3 |
2024-02-17 | CVE-2024-20939 | Oracle | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). | 4.3 |
2024-02-13 | CVE-2024-24782 | | An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification, even though the ports are separated by VLAN. | 4.3 |
2024-02-12 | CVE-2022-34311 | IBM | Insufficiently Protected Credentials vulnerability in IBM CICS TX 11.1: IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. | 4.3 |
2024-02-13 | CVE-2024-21304 | Microsoft | Trusted Compute Base Elevation of Privilege Vulnerability | 4.1 |