Weekly Vulnerabilities Reports > February 12 to 18, 2024

Overview

267 new vulnerabilities were reported during this period, including 36 critical vulnerabilities and 124 high severity vulnerabilities. This weekly summary reports vulnerabilities in 94 products from 37 vendors including Microsoft, Adobe, Dell, Siemens, and Github. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "OS Command Injection", "Out-of-bounds Write", and "Out-of-bounds Read".

  • 166 reported vulnerabilities are remotely exploitable.
  • 77 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 155 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 68 reported vulnerabilities.
  • Github has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

[Summary counters: total vulnerabilities; critical risk, high risk, medium risk and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

36 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-02-15 CVE-2023-5155 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8.
9.8
2024-02-15 CVE-2023-7081 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSIL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024.
9.8
2024-02-15 CVE-2024-23113 Fortinet Use of Externally-Controlled Format String vulnerability in Fortinet products

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

9.8
2024-02-15 CVE-2024-20738 Adobe Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022

Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass.

9.8
2024-02-15 CVE-2024-26260 The functionality for synchronization in certain HGiga OAKlouds modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters.
9.8
2024-02-15 CVE-2024-26261 The functionality for file download in certain HGiga OAKlouds modules contains an Arbitrary File Read and Delete vulnerability.
9.8
2024-02-15 CVE-2024-26264 EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login.
9.8
2024-02-14 CVE-2024-25214 Sherlock SQL Injection vulnerability in Sherlock Employee Management System 1.0

An issue in Employee Management System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.

9.8
2024-02-14 CVE-2024-25215 Sherlock SQL Injection vulnerability in Sherlock Employee Management System 1.0

Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.

9.8
2024-02-14 CVE-2024-25216 Sherlock SQL Injection vulnerability in Sherlock Employee Management System 1.0

Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.

9.8
2024-02-14 CVE-2024-25220 Task Manager IN PHP With Source Code Project SQL Injection vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.

9.8
2024-02-14 CVE-2024-25222 Task Manager IN PHP With Source Code Project SQL Injection vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.

9.8
2024-02-14 CVE-2023-6441 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc.
9.8
2024-02-13 CVE-2024-21413 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Remote Code Execution Vulnerability

9.8
2024-02-13 CVE-2024-21401 Microsoft Unspecified vulnerability in Microsoft Entra Jira SSO Plugin

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

9.8
2024-02-13 CVE-2024-21410 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability

9.8
2024-02-13 CVE-2024-22923 Advradius SQL Injection vulnerability in Advradius ADV Radius 2.2.5

SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.

9.8
2024-02-13 CVE-2024-23816 A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3).
9.8
2024-02-12 CVE-2024-23759 Gambio Unrestricted Upload of File with Dangerous Type vulnerability in Gambio 4.9.2.0

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.

9.8
2024-02-12 CVE-2024-23761 Gambio Server-Side Request Forgery (SSRF) vulnerability in Gambio 4.9.2.0

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template.

9.8
2024-02-12 CVE-2024-23763 Gambio SQL Injection vulnerability in Gambio 4.9.2.0

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter.

9.8
2024-02-15 CVE-2024-23476 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability.

9.6
2024-02-15 CVE-2024-23477 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability.

9.6
2024-02-15 CVE-2024-23479 Solarwinds Path Traversal vulnerability in Solarwinds Access Rights Manager

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability.

9.6
2024-02-13 CVE-2024-21364 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

9.3
2024-02-15 CVE-2024-20719 Adobe Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page.

9.1
2024-02-15 CVE-2024-20720 Adobe OS Command Injection vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker.

9.1
2024-02-13 CVE-2024-1355 Github Command Injection vulnerability in Github Enterprise Server

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL.

9.1
2024-02-13 CVE-2024-1359 Github Command Injection vulnerability in Github Enterprise Server

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy.

9.1
2024-02-13 CVE-2024-1369 Github Command Injection vulnerability in Github Enterprise Server

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations.

9.1
2024-02-13 CVE-2024-1372 Github Command Injection vulnerability in Github Enterprise Server

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings.

9.1
2024-02-13 CVE-2024-1374 Github Command Injection vulnerability in Github Enterprise Server

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding.

9.1
2024-02-13 CVE-2024-1378 Github Command Injection vulnerability in Github Enterprise Server

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options.

9.1
2024-02-15 CVE-2023-40057 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability.

9.0
2024-02-13 CVE-2024-21376 Microsoft Unspecified vulnerability in Microsoft Azure Kubernetes Service

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

9.0
2024-02-13 CVE-2024-21403 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
9.0

124 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-02-17 CVE-2024-20953 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export).
8.8
2024-02-15 CVE-2024-1530 Shopex SQL Injection vulnerability in Shopex Ecshop 4.1.8

A vulnerability, which was classified as critical, has been found in ECshop 4.1.8.

8.8
2024-02-15 CVE-2024-26262 EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands.
8.8
2024-02-13 CVE-2024-21420 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
8.8
2024-02-13 CVE-2024-21345 Microsoft Unspecified vulnerability in Microsoft Windows Server 2022 23H2

Windows Kernel Elevation of Privilege Vulnerability

8.8
2024-02-13 CVE-2024-21349 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21350 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21352 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21353 Microsoft Unspecified vulnerability in Microsoft Windows Server 2022 23H2

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21358 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21359 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21360 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21361 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21365 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21366 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21367 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21368 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21369 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21370 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21372 Microsoft Unspecified vulnerability in Microsoft products

Windows OLE Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21375 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21378 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-21391 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2024-02-13 CVE-2024-23810 A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1).
8.8
2024-02-13 CVE-2024-23811 A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1).
8.8
2024-02-13 CVE-2024-22454 Dell Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dell Powerprotect Data Manager

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords.

8.8
2024-02-17 CVE-2024-20927 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
8.6
2024-02-13 CVE-2024-22024 Ivanti XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

8.3
2024-02-13 CVE-2024-21395 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

8.2
2024-02-13 CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
8.1
2024-02-13 CVE-2024-21412 Microsoft Unspecified vulnerability in Microsoft products

Internet Shortcut Files Security Feature Bypass Vulnerability

8.1
2024-02-15 CVE-2024-23478 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability.

8.0
2024-02-13 CVE-2024-1354 Github Command Injection vulnerability in Github Enterprise Server

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file.

8.0
2024-02-13 CVE-2024-21380 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Business Central 2022/2023

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

8.0
2024-02-13 CVE-2024-23812 A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1).
8.0
2024-02-15 CVE-2024-20726 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20727 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20728 Adobe Out-of-bounds Write vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20729 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20730 Adobe Integer Overflow or Wraparound vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20731 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20739 Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-02-15 CVE-2024-20750 Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
7.8
2024-02-15 CVE-2024-20723 Adobe Classic Buffer Overflow vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20740 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20741 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20742 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2024-02-15 CVE-2024-20743 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-15 CVE-2024-20744 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-02-13 CVE-2024-20673 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability

7.8
2024-02-13 CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
7.8
2024-02-13 CVE-2024-21338 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2024-02-13 CVE-2024-21346 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2024-02-13 CVE-2024-21354 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

7.8
2024-02-13 CVE-2024-21363 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
7.8
2024-02-13 CVE-2024-21379 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Word Remote Code Execution Vulnerability

7.8
2024-02-13 CVE-2024-21384 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel

Microsoft Office OneNote Remote Code Execution Vulnerability

7.8
2024-02-13 CVE-2023-49125 A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge (All versions < V223.0.11).
7.8
2024-02-13 CVE-2023-50236 A vulnerability has been identified in Polarion ALM (All versions).
7.8
2024-02-13 CVE-2024-22042 A vulnerability has been identified in Unicam FX (All versions).
7.8
2024-02-13 CVE-2024-23795 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).

7.8
2024-02-13 CVE-2024-23796 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).

7.8
2024-02-13 CVE-2024-23797 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).

7.8
2024-02-13 CVE-2024-23798 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).

7.8
2024-02-13 CVE-2024-23802 Siemens Out-of-bounds Read vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).

7.8
2024-02-13 CVE-2024-23803 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 2201.0/2302.0/2302.0004

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).

7.8
2024-02-13 CVE-2024-23804 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006).

7.8
2024-02-13 CVE-2024-24920 A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000).
7.8
2024-02-13 CVE-2024-24921 A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000).
7.8
2024-02-13 CVE-2024-24922 A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000).
7.8
2024-02-13 CVE-2024-24923 A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001).
7.8
2024-02-13 CVE-2024-24925 A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000).
7.8
2024-02-12 CVE-2024-23762 Gambio Unrestricted Upload of File with Dangerous Type vulnerability in Gambio 4.9.2.0

Unrestricted File Upload vulnerability in the Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of a crafted PHP file.

7.8
2024-02-12 CVE-2024-0164 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility.

7.8
2024-02-12 CVE-2024-0165 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility.

7.8
2024-02-12 CVE-2024-0166 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility.

7.8
2024-02-12 CVE-2024-0167 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility.

7.8
2024-02-12 CVE-2024-0168 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility.

7.8
2024-02-12 CVE-2024-0170 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility.

7.8
2024-02-12 CVE-2024-22222 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility.

7.8
2024-02-12 CVE-2024-22223 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility.

7.8
2024-02-12 CVE-2024-22224 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility.

7.8
2024-02-12 CVE-2024-22225 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility.

7.8
2024-02-12 CVE-2024-22227 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility.

7.8
2024-02-12 CVE-2024-22228 Dell OS Command Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility.

7.8
2024-02-13 CVE-2024-21327 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

7.6
2024-02-13 CVE-2024-21328 Microsoft Unspecified vulnerability in Microsoft Dynamics 365

Dynamics 365 Sales Spoofing Vulnerability

7.6
2024-02-13 CVE-2024-21351 Microsoft Unspecified vulnerability in Microsoft products

Windows SmartScreen Security Feature Bypass Vulnerability

7.6
2024-02-13 CVE-2024-21389 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

7.6
2024-02-13 CVE-2024-21393 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

7.6
2024-02-13 CVE-2024-21394 Microsoft Unspecified vulnerability in Microsoft Dynamics 365

Dynamics 365 Field Service Spoofing Vulnerability

7.6
2024-02-13 CVE-2024-21396 Microsoft Unspecified vulnerability in Microsoft Dynamics 365

Dynamics 365 Sales Spoofing Vulnerability

7.6
2024-02-17 CVE-2024-20909 Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall).
7.5
2024-02-17 CVE-2024-20917 Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management).
7.5
2024-02-17 CVE-2024-20931 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
7.5
2024-02-15 CVE-2023-4993 Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8.
7.5
2024-02-14 CVE-2023-50387 Redhat, Microsoft, Fedoraproject, Thekelleys, NIC, Powerdns, ISC, Nlnetlabs Allocation of Resources Without Limits or Throttling vulnerability in multiple products

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.

7.5
2024-02-14 CVE-2023-48987 Cusg SQL Injection vulnerability in Cusg Content Management System

Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component.

7.5
2024-02-13 CVE-2024-20667 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2019.1.2/2020.1.2/2022.1

Azure DevOps Server Remote Code Execution Vulnerability

7.5
2024-02-13 CVE-2024-21342 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Windows DNS Client Denial of Service Vulnerability

7.5
2024-02-13 CVE-2024-21343 Microsoft Unspecified vulnerability in Microsoft products

Windows Network Address Translation (NAT) Denial of Service Vulnerability

7.5
2024-02-13 CVE-2024-21347 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability

7.5
2024-02-13 CVE-2024-21348 Microsoft Unspecified vulnerability in Microsoft products

Internet Connection Sharing (ICS) Denial of Service Vulnerability

7.5
2024-02-13 CVE-2024-21386 Microsoft Unspecified vulnerability in Microsoft Asp.Net Core and Visual Studio 2022

.NET Denial of Service Vulnerability

7.5
2024-02-13 CVE-2024-21404 Microsoft Unspecified vulnerability in Microsoft Asp.Net Core and Visual Studio 2022

.NET Denial of Service Vulnerability

7.5
2024-02-13 CVE-2024-21406 Microsoft Unspecified vulnerability in Microsoft products

Windows Printing Service Spoofing Vulnerability

7.5
2024-02-13 CVE-2023-4408 ISC The DNS message parsing code in `named` includes a section whose computational complexity is overly high.
7.5
2024-02-13 CVE-2023-5517 ISC A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
7.5
2024-02-13 CVE-2023-5679 ISC A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
7.5
2024-02-13 CVE-2023-6516 ISC To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database.
7.5
2024-02-13 CVE-2024-24781 An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single Ethernet port.
7.5
2024-02-13 CVE-2023-51440 Siemens A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions).
7.5
2024-02-17 CVE-2024-20956 Oracle Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation).
7.3
2024-02-13 CVE-2024-21329 Microsoft Unspecified vulnerability in Microsoft Azure Connected Machine Agent

Azure Connected Machine Agent Elevation of Privilege Vulnerability

7.3
2024-02-13 CVE-2024-23813 Siemens A vulnerability has been identified in Polarion ALM (All versions).
7.3
2024-02-17 CVE-2024-25298 Redaxo Code Injection vulnerability in Redaxo 5.15.1

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.

7.2
2024-02-15 CVE-2023-45581 Fortinet Unspecified vulnerability in Fortinet Forticlient Enterprise Management Server

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.

7.2
2024-02-14 CVE-2024-25212 Sherlock SQL Injection vulnerability in Sherlock Employee Management System 1.0

Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.

7.2
2024-02-14 CVE-2024-25213 Sherlock SQL Injection vulnerability in Sherlock Employee Management System 1.0

Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.

7.2
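The two Sherlock entries above (and the CUSG blind SQL injection earlier in this table) share one root cause: an `id` request parameter spliced into SQL text. As an added example that is not from the page or from the affected project, the following shows the injectable pattern beside its parameterised replacement. SQLite stands in for the application's database, and the table, its rows and the `1 OR 1=1` payload are constructed.

```python
import sqlite3


def seed_db() -> sqlite3.Connection:
    """Constructed stand-in for the application's employee table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany("INSERT INTO employees (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    db.commit()
    return db


def delete_employee_vulnerable(db: sqlite3.Connection, emp_id: str) -> int:
    """Injectable: the request parameter becomes part of the statement text,
    so a tautology in the WHERE clause widens the delete to every row.

    Returns the number of rows deleted.
    """
    cur = db.execute(f"DELETE FROM employees WHERE id = {emp_id}")
    db.commit()
    return cur.rowcount


def delete_employee_hardened(db: sqlite3.Connection, emp_id: str) -> int:
    """Validate the type the column expects, then bind the value; bound
    parameters are data to the driver and can never alter the statement."""
    try:
        emp_id_int = int(emp_id)
    except ValueError:
        raise ValueError("id must be an integer") from None
    cur = db.execute("DELETE FROM employees WHERE id = ?", (emp_id_int,))
    db.commit()
    return cur.rowcount


def remaining_rows(db: sqlite3.Connection) -> int:
    return db.execute("SELECT COUNT(*) FROM employees").fetchone()[0]


if __name__ == "__main__":
    payload = "1 OR 1=1"   # constructed: makes the WHERE clause match every row
    db = seed_db()
    print("vulnerable deleted", delete_employee_vulnerable(db, payload),
          "rows; remaining", remaining_rows(db))        # 3 rows; remaining 0
    db = seed_db()
    print("hardened deleted", delete_employee_hardened(db, "2"),
          "row; remaining", remaining_rows(db))         # 1 row; remaining 2
    try:
        delete_employee_hardened(db, payload)
    except ValueError as exc:
        print("hardened rejected payload:", exc)
```

Parameter binding is what closes the injection; the integer check in front of it is defence in depth that also gives the caller a clean 4xx-style rejection instead of a database error for malformed input.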
2024-02-13 CVE-2024-22445 Dell OS Command Injection vulnerability in Dell Powerprotect Data Manager

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability.

7.2
2024-02-13 CVE-2024-21402 Microsoft Unspecified vulnerability in Microsoft 365 Apps 2401.17231.20236

Microsoft Outlook Elevation of Privilege Vulnerability

7.1
2024-02-13 CVE-2024-21355 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

7.0
2024-02-13 CVE-2024-21371 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.0
2024-02-13 CVE-2024-21405 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

7.0

100 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-02-13 CVE-2024-21341 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Remote Code Execution Vulnerability

6.8
2024-02-13 CVE-2024-21381 Microsoft Unspecified vulnerability in Microsoft Azure Active Directory

Microsoft Azure Active Directory B2C Spoofing Vulnerability

6.8
2024-02-17 CVE-2024-20903 Oracle Vulnerability in the Java VM component of Oracle Database Server.
6.5
2024-02-17 CVE-2024-20929 Oracle Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges).
6.5
2024-02-17 CVE-2024-20960 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID).
6.5
2024-02-17 CVE-2024-20962 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
6.5
2024-02-15 CVE-2024-20718 Adobe Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass.

6.5
2024-02-13 CVE-2024-20679 Microsoft Unspecified vulnerability in Microsoft Azure Stack HUB

Azure Stack Hub Spoofing Vulnerability

6.5
2024-02-13 CVE-2024-20684 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Denial of Service Vulnerability

6.5
2024-02-13 CVE-2024-21356 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

6.5
2024-02-13 CVE-2023-48363 Siemens A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4).
6.5
2024-02-13 CVE-2023-48364 Siemens A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4).
6.5
2024-02-12 CVE-2024-1250 Gitlab Unspecified vulnerability in Gitlab 16.8.0

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2.

6.5
2024-02-12 CVE-2024-22221 Dell SQL Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability.

6.5
2024-02-12 CVE-2024-22226 Dell Path Traversal vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility.

6.5
2024-02-13 CVE-2024-21339 Microsoft Unspecified vulnerability in Microsoft products

Windows USB Generic Parent Driver Remote Code Execution Vulnerability

6.4
2024-02-13 CVE-2024-23440 Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 bytes of memory from an arbitrary user-supplied pointer.
6.3
2024-02-17 CVE-2024-20907 Oracle Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download).
6.1
2024-02-17 CVE-2024-20933 Oracle Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order).
6.1
2024-02-17 CVE-2024-20935 Oracle Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order).
6.1
2024-02-17 CVE-2024-20941 Oracle Unspecified vulnerability in Oracle Installed Base

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI).

6.1
2024-02-17 CVE-2024-20949 Oracle Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result).
6.1
2024-02-17 CVE-2024-20951 Oracle Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result).
6.1
2024-02-17 CVE-2024-20986 Oracle Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
6.1
2024-02-15 CVE-2023-26206 Fortinet Cross-site Scripting vulnerability in Fortinet Fortinac

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.

6.1
2024-02-14 CVE-2024-25218 Task Manager in PHP With Source Code Project Cross-site Scripting vulnerability in Task Manager in PHP With Source Code 1.0

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php.

6.1
2024-02-14 CVE-2024-25219 Task Manager in PHP With Source Code Project Cross-site Scripting vulnerability in Task Manager in PHP With Source Code 1.0

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php.

6.1
2024-02-14 CVE-2024-25221 Task Manager in PHP With Source Code Project Cross-site Scripting vulnerability in Task Manager in PHP With Source Code 1.0

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.

6.1
2024-02-14 CVE-2023-48985 Cusg Cross-site Scripting vulnerability in Cusg Content Management System

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component.

6.1
2024-02-14 CVE-2023-48986 Cusg Cross-site Scripting vulnerability in Cusg Content Management System

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component.

6.1
2024-02-12 CVE-2024-24927 Unitedthemes Cross-site Scripting vulnerability in Unitedthemes Brooklyn

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.

6.1
2024-02-12 CVE-2024-24932 Zixn Cross-site Scripting vulnerability in Zixn VK Poster Group

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3.

6.1
2024-02-12 CVE-2024-24933 Prasidhdamalla Cross-site Scripting vulnerability in Prasidhdamalla Honeypot for WP Comment

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3.

6.1
2024-02-17 CVE-2024-20919 Oracle Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
5.9
2024-02-17 CVE-2024-20921 Oracle Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
5.9
2024-02-13 CVE-2024-21344 Microsoft Unspecified vulnerability in Microsoft products

Windows Network Address Translation (NAT) Denial of Service Vulnerability

5.9
2024-02-13 CVE-2024-20695 Microsoft Unspecified vulnerability in Microsoft Skype for Business Server 2019

Skype for Business Information Disclosure Vulnerability

5.7
2024-02-15 CVE-2024-20733 Adobe Improper Input Validation vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service.

5.5
2024-02-15 CVE-2024-20734 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20735 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20736 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20747 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20748 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20749 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20722 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20724 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-15 CVE-2024-20725 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-02-13 CVE-2024-21362 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Security Feature Bypass Vulnerability

5.5
2024-02-13 CVE-2024-21377 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Information Disclosure Vulnerability

5.5
2024-02-13 CVE-2024-1096 Filseclab NULL Pointer Dereference vulnerability in Filseclab Twister Antivirus 8.17

Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB, 0x801120CC, 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.

5.5
2024-02-13 CVE-2024-1140 Filseclab Out-of-bounds Read vulnerability in Filseclab Twister Antivirus 8.17

Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.

5.5
2024-02-13 CVE-2024-23799 Siemens NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation 2201.0/2302.0/2302.0004

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).

5.5
2024-02-13 CVE-2024-23800 Siemens NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation 2201.0/2302.0/2302.0004

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).

5.5
2024-02-13 CVE-2024-23801 Siemens NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation 2201.0/2302.0/2302.0004

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007).

5.5
2024-02-12 CVE-2023-52429 Linux, Fedoraproject Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.

5.5
2024-02-12 CVE-2024-25739 Linux Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

5.5
2024-02-12 CVE-2024-25740 Linux Memory Leak vulnerability in Linux Kernel

A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

5.5
2024-02-17 CVE-2024-20913 Oracle Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security).
5.4
2024-02-17 CVE-2024-20943 Oracle Unspecified vulnerability in Oracle Knowledge Management

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations).

5.4
2024-02-17 CVE-2024-20947 Oracle Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework).
5.4
2024-02-17 CVE-2024-20958 Oracle Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order).
5.4
2024-02-17 CVE-2024-20980 Oracle Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server).
5.4
2024-02-15 CVE-2024-20717 Adobe Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-02-14 CVE-2024-25207 Barangay Management System Project Cross-site Scripting vulnerability in Barangay Management System 1.0

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php.

5.4
2024-02-14 CVE-2024-25208 Barangay Management System Project Cross-site Scripting vulnerability in Barangay Management System 1.0

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php.

5.4
2024-02-12 CVE-2024-0169 Dell Cross-site Scripting vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability.

5.4
2024-02-12 CVE-2024-22230 Dell Cross-site Scripting vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability.

5.4
2024-02-12 CVE-2023-50875 Automattic Cross-site Scripting vulnerability in Automattic Sensei LMS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.

5.4
2024-02-12 CVE-2024-24928 Content Cards Project Cross-site Scripting vulnerability in Content Cards

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS. This issue affects Content Cards: from n/a through 0.9.7.

5.4
2024-02-12 CVE-2024-24930 Otwthemes Cross-site Scripting vulnerability in Otwthemes Buttons Shortcode and Widget

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS. This issue affects Buttons Shortcode and Widget: from n/a through 1.16.

5.4
2024-02-12 CVE-2024-24931 Swadeshswain Cross-site Scripting vulnerability in Swadeshswain Before After Image Slider

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2.

5.4
2024-02-17 CVE-2024-20915 Oracle Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO).
5.3
2024-02-17 CVE-2024-20964 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
5.3
2024-02-15 CVE-2024-26263 EBM Technologies A specific URL path in EBM Technologies RISWEB is not protected by permission checks, allowing attackers to browse specific pages and query sensitive data without logging in.
5.3
2024-02-13 CVE-2024-21397 Microsoft Unspecified vulnerability in Microsoft Azure File Sync

Microsoft Azure File Sync Elevation of Privilege Vulnerability

5.3
2024-02-13 CVE-2023-5680 ISC If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
5.3
2024-02-12 CVE-2024-1459 Redhat Path Traversal: '../filedir' vulnerability in Redhat Undertow

A path traversal vulnerability was found in Undertow.

5.3
2024-02-15 CVE-2023-44253 Fortinet Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.

5.0
2024-02-13 CVE-2024-21374 Microsoft Unspecified vulnerability in Microsoft Teams 1.0.0.2023070204

Microsoft Teams for Android Information Disclosure Vulnerability

5.0
2024-02-17 CVE-2024-20966 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2024-02-17 CVE-2024-20970 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2024-02-17 CVE-2024-20972 Oracle Unspecified vulnerability in Oracle Mysql Server

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-02-17 CVE-2024-20974 Oracle Unspecified vulnerability in Oracle Mysql Server

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-02-17 CVE-2024-20976 Oracle Unspecified vulnerability in Oracle Mysql Server

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-02-17 CVE-2024-20978 Oracle Unspecified vulnerability in Oracle Mysql Server

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2024-02-17 CVE-2024-20982 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2024-02-15 CVE-2024-20716 Adobe Resource Exhaustion vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service.

4.9
2024-02-17 CVE-2024-25297 Bludit Cross-site Scripting vulnerability in Bludit 3.15.0

Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.

4.8
2024-02-15 CVE-2023-47537 Fortinet Improper Certificate Validation vulnerability in Fortinet Fortios

An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch.

4.8
2024-02-12 CVE-2023-47526 AYS PRO Cross-site Scripting vulnerability in Ays-Pro Chartify 2.0.6

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6.

4.8
2024-02-17 CVE-2024-20945 Oracle Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).
4.7
2024-02-13 CVE-2024-21340 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

4.6
2024-02-12 CVE-2022-22506 IBM Unspecified vulnerability in IBM Robotic Process Automation 21.0.2

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants.

4.6
2024-02-17 CVE-2024-20968 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).
4.4
2024-02-17 CVE-2024-20984 Oracle Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Firewall).
4.4
2024-02-17 CVE-2023-21833 Oracle Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store).
4.3
2024-02-17 CVE-2024-20937 Oracle Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC).
4.3
2024-02-17 CVE-2024-20939 Oracle Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console).
4.3
2024-02-13 CVE-2024-24782 An unauthenticated attacker can send a ping request from one network to another through an error in origin verification, even though the ports are separated by VLANs.
4.3
2024-02-13 CVE-2024-21304 Microsoft Unspecified vulnerability in Microsoft products

Trusted Compute Base Elevation of Privilege Vulnerability

4.1

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-02-13 CVE-2024-22043 Siemens A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170).
3.3
2024-02-17 CVE-2024-20923 Oracle Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX).
3.1
2024-02-17 CVE-2024-20925 Oracle Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX).
3.1
2024-02-17 CVE-2024-20905 Oracle Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC).
2.7
2024-02-12 CVE-2024-23760 Gambio Information Exposure Through Log Files vulnerability in Gambio 4.9.2.0

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.

2.7
2024-02-17 CVE-2024-20911 Oracle Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall).
2.6
2024-02-16 CVE-2024-23591 Lenovo ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode, which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration settings. The server's NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.
2.0
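The Lenovo entry above describes a firmware configuration state rather than a code defect, and the practical question for an owner of such hardware is how to tell whether a given host is still in that state. As an added example, not code from the page, Lenovo or Intel, the following parses the PCI configuration dump of the Intel ME/SPS HECI device (`sudo lspci -s 00:16.0 -xxx`) and reports bit 4 of the Host Firmware Status 1 (HFSTS1) register at config offset 0x40, which Intel management firmware uses to signal Manufacturing Mode and which tools such as chipsec's `me_mfg_mode` module read the same way. The two hex dumps are constructed; the device address and the register layout are assumptions to confirm against the platform's documentation, and on systems whose BIOS hides the HECI device the register is simply absent from the dump.

```python
import re
import sys

HECI_BDF = "00:16.0"      # assumed PCI address of the ME/SPS HECI-1 device
HFSTS1_OFFSET = 0x40      # HFSTS1 sits at config-space offset 0x40 (assumed layout)
MFG_MODE_BIT = 4          # HFSTS1 bit 4: Manufacturing Mode (assumed layout)

# A `lspci -xxx` data line: "40: 10 02 94 90 ..." (offset, then up to 16 bytes).
_HEX_LINE = re.compile(r"^([0-9a-f]{2}): ((?:[0-9a-f]{2}\s?){1,16})$", re.IGNORECASE)


def parse_lspci_hex(dump: str) -> dict[int, int]:
    """Map config-space offset -> byte value; header and non-hex lines are skipped."""
    cfg: dict[int, int] = {}
    for raw in dump.splitlines():
        m = _HEX_LINE.match(raw.strip())
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, byte in enumerate(m.group(2).split()):
            cfg[base + i] = int(byte, 16)
    return cfg


def read_dword(cfg: dict[int, int], offset: int) -> int:
    """Little-endian 32-bit read; KeyError if the dump does not cover the offset."""
    return int.from_bytes(bytes(cfg[offset + i] for i in range(4)), "little")


def hfsts1(dump: str) -> int:
    return read_dword(parse_lspci_hex(dump), HFSTS1_OFFSET)


def in_manufacturing_mode(dump: str) -> bool:
    return bool((hfsts1(dump) >> MFG_MODE_BIT) & 1)


# Constructed dumps: only the header line and the 0x40 line carry meaning here.
DUMP_NORMAL = """\
00:16.0 Communication controller: Intel Corporation Device 0000
00: 86 80 00 00 06 00 10 00 00 00 80 07 00 00 80 00
40: 00 02 94 90 00 00 00 00 00 00 00 00 00 00 00 00
"""

DUMP_MFG = """\
00:16.0 Communication controller: Intel Corporation Device 0000
00: 86 80 00 00 06 00 10 00 00 00 80 07 00 00 80 00
40: 10 02 94 90 00 00 00 00 00 00 00 00 00 00 00 00
"""


if __name__ == "__main__":
    # Usage: sudo lspci -s 00:16.0 -xxx | python3 mfg_mode_check.py
    data = sys.stdin.read() if not sys.stdin.isatty() else DUMP_MFG
    try:
        status = hfsts1(data)
    except KeyError:
        sys.exit(f"no HFSTS1 bytes in input; is {HECI_BDF} present and not hidden by firmware?")
    flag = bool((status >> MFG_MODE_BIT) & 1)
    print(f"HFSTS1 = 0x{status:08x}; Manufacturing Mode = {flag}")
```

A positive result means the platform's flash descriptor and ME/SPS region can still be reconfigured from the host, which is the precondition the entry describes; the check reads state only and changes nothing. Treat the result as a prompt to verify with the vendor's own tooling and firmware update, since the register semantics can differ between firmware generations.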