CVE-2023-42974 | A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. | high |
CVE-2023-42962 | This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service. | high |
CVE-2023-42956 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | high |
CVE-2023-42950 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. | high |
CVE-2023-42947 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. | critical |
CVE-2023-42936 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data. | high |
CVE-2023-42931 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication. | critical |
CVE-2023-42930 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system. | critical |
CVE-2023-42913 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. | high |
CVE-2023-42896 | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system. | high |
CVE-2023-42893 | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data. | critical |
CVE-2023-42892 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges. | critical |
CVE-2023-40390 | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. | high |
CVE-2024-3042 | A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431. | medium |
CVE-2024-3041 | A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | medium |
CVE-2024-31140 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | medium |
CVE-2024-31139 | In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | medium |
CVE-2024-3040 | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | medium |
CVE-2024-3039 | A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | medium |
CVE-2024-31138 | In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | medium |
CVE-2024-31137 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | medium |
CVE-2024-31136 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | high |
CVE-2024-31135 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | medium |
CVE-2024-31134 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | medium |
CVE-2024-30612 | Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. | critical |
CVE-2024-30604 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function. | critical |
CVE-2024-30603 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | critical |
CVE-2024-30602 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | critical |
CVE-2024-30601 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | critical |
CVE-2024-30600 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | critical |
CVE-2024-30599 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | critical |
CVE-2024-30598 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | critical |
CVE-2024-30597 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | critical |
CVE-2024-0259 | Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges. | high |
CVE-2023-45715 | The console may experience a service interruption when processing file names with invalid characters. | low |
CVE-2023-45706 | An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. | low |
CVE-2023-45705 | An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | low |
CVE-2024-30607 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | critical |
CVE-2024-30606 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. | critical |
CVE-2024-30592 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. | critical |
CVE-2024-30591 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | critical |
CVE-2024-30590 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | critical |
CVE-2024-30589 | Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. | critical |
CVE-2024-30588 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | critical |
CVE-2024-30587 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | critical |
CVE-2024-30586 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | critical |
CVE-2024-30585 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | critical |
CVE-2024-30584 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | critical |
CVE-2024-30583 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. | critical |
CVE-2024-29898 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c. | medium |