
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: September 13, 2024. 03:00:39 UTC


ID Description Modified References
CVE-2024-22920 swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. September 11, 2024. 21:35:00 [github.com]
CVE-2024-44541 evilnapsis Inventio Lite versions v4 and before are vulnerable to SQL injection via the "username" parameter in "/?action=processlogin". September 11, 2024. 21:35:00 [github.com][github.com]
CVE-2024-44572 RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. September 11, 2024. 21:35:00 [www.relyum.com][system-on-chip.com]
CVE-2024-44570 RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php. September 11, 2024. 21:35:00 [www.relyum.com][system-on-chip.com]
CVE-2024-44571 RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. September 11, 2024. 21:35:00 [www.relyum.com][system-on-chip.com]
CVE-2024-40652 In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. September 11, 2024. 21:35:00 [android.googlesource.com][source.android.com]
CVE-2023-46321 iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line. September 11, 2024. 21:35:00 [iterm2.com][gitlab.com]
CVE-2023-46322 iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period. September 11, 2024. 21:35:00 [iterm2.com][gitlab.com]
CVE-2024-8694 A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. September 11, 2024. 21:15:00 [vuldb.com][vuldb.com]
CVE-2024-45409 The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML versions <= 1.12.2 and 1.13.0 through 1.16.0 do not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3. September 11, 2024. 21:15:00 [github.com][github.com]
CVE-2023-33517 carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). September 11, 2024. 20:35:00 [gist.github.com]
CVE-2023-43905 Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. September 11, 2024. 20:35:00 [github.com]
CVE-2018-16739 An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges. September 11, 2024. 20:35:00 [sec.maride.cc][www.ccc.de]
CVE-2018-17558 Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. September 11, 2024. 20:35:00 [sec.maride.cc][www.ccc.de]
CVE-2024-44574 RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. September 11, 2024. 20:35:00 [www.relyum.com][system-on-chip.com]
CVE-2024-44577 RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. September 11, 2024. 20:35:00 [www.relyum.com][system-on-chip.com]
CVE-2023-43961 In Dromara SaToken version 1.3.50RC and before, when Spring dynamic controllers are used, a specially crafted request may cause an authentication bypass. September 11, 2024. 20:35:00 [github.com]
CVE-2023-46346 In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. September 11, 2024. 20:35:00 [security.friendsofpresta.org]
CVE-2024-27729 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. September 11, 2024. 20:29:00 [leo.oliver.nz][github.com]
CVE-2024-37286 APM server logs contain the document body from a partially failed bulk index request. For example, in the case of an unavailable_shards_exception for a specific document, since the ES response line contains the document body and APM server logs the ES response line on error, the document is effectively logged. September 11, 2024. 20:20:00 [discuss.elastic.co]
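The two iTerm2 entries (CVE-2023-46321, CVE-2023-46322) describe the same class of bug from two angles: a value lifted out of a URL is handed to a command line, either through a shell (man page names containing shell metacharacters) or as a positional argument that the target program may read as an option (an ssh hostname whose first character is not alphanumeric, such as a dash). The same argv-not-shell discipline is the fix for the command-injection entries on this page (RELY-PCIe sys_mgmt/sys_conf/time_date, ABUS /cgi-bin/mft/). The example below is added here and is not iTerm2 code; it assumes the URL shapes x-man-page://[section/]name and ssh://[user@]host[:port], uses the hostname rule exactly as the CVE-2023-46322 entry states it (first character alphanumeric, remaining characters alphanumeric, dash or period), and adds a username allow-list of its own. The sample URLs are constructed for the example.

```python
import re
from urllib.parse import urlparse, unquote

# Allow-lists used by this example (assumptions, not iTerm2's own code). The
# hostname rule is the one the CVE-2023-46322 entry states; the others are
# choices made for this example.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")
USERNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")
MAN_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]*$")
MAN_SECTION_RE = re.compile(r"^[0-9][A-Za-z]*$")

MAN_SCHEME = "x-man-page://"


def unsafe_man_command(url: str) -> str:
    """The shape the CVE-2023-46321 entry describes: the URL body is dropped into
    a command line destined for a shell, so ';', '$(...)' or backticks in the
    page name become shell syntax. Returned only as a string so the problem is
    visible; never hand this to sh -c."""
    page = unquote(url[len(MAN_SCHEME):])
    return "/usr/bin/man " + page.replace("/", " ")


def safe_man_argv(url: str) -> list:
    """Parse x-man-page://[section/]name, validate each component against an
    allow-list and return an argv list for subprocess.run(argv); no shell."""
    if not url.startswith(MAN_SCHEME):
        raise ValueError("not an x-man-page URL")
    parts = unquote(url[len(MAN_SCHEME):]).split("/")
    if len(parts) == 1:
        section, name = None, parts[0]
    elif len(parts) == 2:
        section, name = parts
    else:
        raise ValueError("unexpected x-man-page path depth")
    if not MAN_NAME_RE.match(name):
        raise ValueError(f"rejected man page name: {name!r}")
    argv = ["man"]
    if section is not None:
        if not MAN_SECTION_RE.match(section):
            raise ValueError(f"rejected man section: {section!r}")
        argv.append(section)
    argv.append(name)
    return argv


def safe_ssh_argv(url: str) -> list:
    """Parse ssh://[user@]host[:port]. A validated hostname cannot begin with
    '-', so ssh can never read it as an option such as -oProxyCommand=...;
    user and port travel behind their own flags instead of being glued on."""
    u = urlparse(url)
    if u.scheme != "ssh" or not u.hostname:
        raise ValueError("not an ssh URL with a host")
    if not HOSTNAME_RE.match(u.hostname):
        raise ValueError(f"rejected hostname: {u.hostname!r}")
    argv = ["ssh"]
    if u.port is not None:
        argv += ["-p", str(u.port)]
    if u.username is not None:
        if not USERNAME_RE.match(u.username):
            raise ValueError(f"rejected username: {u.username!r}")
        argv += ["-l", u.username]
    argv.append(u.hostname)
    return argv


# Constructed sample links for this example (not taken from any advisory).
SAMPLE_URLS = [
    "x-man-page://ssh",
    "x-man-page://1/ls",
    "x-man-page://ls;%20id",        # shell metacharacters in the page name
    "ssh://admin@example.com:2222",
    "ssh://-oProxyCommand=calc",    # hostname whose first character is '-'
    "ssh://exa$(id)mple.com",       # characters outside alnum, dash, period
]


def triage(urls=SAMPLE_URLS) -> dict:
    """Map each URL to the argv it would launch, or to the rejection reason."""
    out = {}
    for url in urls:
        try:
            out[url] = safe_man_argv(url) if url.startswith(MAN_SCHEME) else safe_ssh_argv(url)
        except ValueError as exc:
            out[url] = f"REJECTED: {exc}"
    return out


if __name__ == "__main__":
    for url, result in triage().items():
        print(f"{url:32} -> {result}")
```

The allow-list is deliberately stricter than what a shell or ssh would accept: the goal is that every byte reaching the child process is data, and that the first byte of any positional argument cannot turn it into an option.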
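The CVE-2024-44541 entry (SQL injection through the "username" parameter of a login action) gives only the parameter and the endpoint, not the query. The example below is added here and is not Inventio Lite code; it shows the query shape that produces such a bug beside the parameterised form, and runs a login-bypass payload against both using an in-memory SQLite database with constructed accounts. SHA-256 stands in for a real password hash only to keep the example dependency-free.

```python
import hashlib
import sqlite3

# Constructed sample accounts for this example (not from any product).
SAMPLE_USERS = [("admin", "correct horse"), ("alice", "battery staple")]


def pw_hash(password: str) -> str:
    # Stand-in only: a real login uses bcrypt/scrypt/argon2, not plain SHA-256.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [(u, pw_hash(p)) for u, p in SAMPLE_USERS],
    )
    conn.commit()
    return conn


def vulnerable_login(conn, username: str, password: str):
    """The shape the entry implies: the request parameter is interpolated into
    the query text, so a quote in it rewrites the WHERE clause."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password_hash = '{pw_hash(password)}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, username: str, password: str):
    """Same query, but the values are bound parameters: the statement text is
    fixed at development time and user input can only ever be data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None


def run_demo() -> dict:
    """Legitimate login and a login-bypass payload against both forms."""
    conn = build_db()
    # Closes the string literal and comments out the password comparison, so the
    # vulnerable query becomes: ... WHERE username = 'admin' -- ' AND ...
    payload = "admin' -- "
    return {
        "legit_vulnerable": vulnerable_login(conn, "admin", "correct horse"),
        "legit_safe": safe_login(conn, "admin", "correct horse"),
        "injected_vulnerable": vulnerable_login(conn, payload, "wrong password"),
        "injected_safe": safe_login(conn, payload, "wrong password"),
    }


if __name__ == "__main__":
    for case, who in run_demo().items():
        print(f"{case:22} -> {who}")
```

With the payload, the vulnerable form returns "admin" without a valid password; the parameterised form looks for a user literally named `admin' -- ` and finds nothing. Escaping quotes by hand is not an equivalent fix; binding parameters is.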
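Three entries on this page are path traversal through a file-name parameter: JFinalCMS (fileName in /admin/template/update, CVE-2024-8694), ABUS TVIP (/opt/cgi/admin/filewrite, CVE-2018-16739, where the traversal ends in a root-privileged write) and the PrestaShop exportproducts module (CVE-2023-46346, an unrestricted read). The entries describe the outcome, not the code. The example below is added here and is not any of those projects' code; it shows the containment check that has to run on the decoded parameter before any open(), for reads and writes alike: resolve the candidate against the root, including '..' and symlinks, and refuse anything that lands outside. The directory tree and inputs are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def safe_join(base_dir, user_path: str) -> Path:
    """Resolve user_path relative to base_dir and refuse anything that lands
    outside base_dir once '.', '..', repeated separators and symlinks are
    resolved. Raises ValueError rather than returning an escaping path."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    if os.path.isabs(user_path):
        raise ValueError("absolute paths are not allowed")
    base = Path(base_dir).resolve(strict=True)
    target = (base / user_path).resolve()  # non-strict: target may not exist yet
    if target != base and base not in target.parents:
        raise ValueError(f"path escapes root: {user_path!r}")
    return target


def run_demo() -> dict:
    """Build a throwaway tree and try constructed inputs against it.
    Returns {input: 'ALLOWED <path under root>' | 'REJECTED <reason>'}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "webroot"
        (root / "templates").mkdir(parents=True)
        (root / "templates" / "index.html").write_text("<h1>ok</h1>")
        (Path(tmp) / "secret.txt").write_text("outside the web root")
        symlinks_ok = True
        try:
            # A symlink inside the root pointing outside it: a string check on
            # '..' alone would never notice this one.
            (root / "escape").symlink_to(Path(tmp))
        except OSError:  # symlink creation unavailable (e.g. unprivileged Windows)
            symlinks_ok = False

        # Constructed inputs: what a decoded fileName parameter might contain.
        inputs = [
            "templates/index.html",
            "templates/../templates/index.html",
            "../secret.txt",
            "templates/../../secret.txt",
            "/etc/passwd" if os.name != "nt" else "C:\\Windows\\win.ini",
            "escape/secret.txt",
        ]
        results = {}
        for inp in inputs:
            try:
                p = safe_join(root, inp)
                results[inp] = "ALLOWED " + p.relative_to(root.resolve()).as_posix()
            except ValueError as exc:
                results[inp] = "REJECTED " + str(exc)
        if not symlinks_ok:
            results["escape/secret.txt"] = "SKIPPED symlinks not supported here"
        return results


if __name__ == "__main__":
    for inp, verdict in run_demo().items():
        print(f"{inp:36} -> {verdict}")
```

The check is on the resolved path, not on the string: "templates/../templates/index.html" is allowed because it stays inside the root, while "templates/../../secret.txt" and the symlinked "escape/secret.txt" are rejected even though a naive filter might pass one or both.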


Page 3 of 1342


