Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-42913 |
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-42896 |
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-42893 |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-42892 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-40390 |
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3042 |
A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431. Published: March 28, 2024; 11:15:49 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3041 |
A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: March 28, 2024; 11:15:49 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3040 |
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: March 28, 2024; 11:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3039 |
A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: March 28, 2024; 11:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31140 |
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools Published: March 28, 2024; 11:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31139 |
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector Published: March 28, 2024; 11:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31138 |
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings Published: March 28, 2024; 11:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31137 |
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration Published: March 28, 2024; 11:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31136 |
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter Published: March 28, 2024; 11:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31135 |
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page Published: March 28, 2024; 11:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31134 |
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled Published: March 28, 2024; 11:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30612 |
Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. Published: March 28, 2024; 11:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30604 |
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function. Published: March 28, 2024; 11:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30603 |
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. Published: March 28, 2024; 11:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30602 |
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. Published: March 28, 2024; 11:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |