Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 28652 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0063 1 Xfree86 Project 1 X11r6 2024-06-15 7.5 HIGH N/A
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVE-2023-4039 1 Gnu 1 Gcc 2024-06-13 N/A 4.8 MEDIUM
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
CVE-2024-36416 1 Salesagility 1 Suitecrm 2024-06-12 N/A 7.5 HIGH
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-5389 1 Lunary 1 Lunary 2024-06-12 N/A 8.1 HIGH
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result, unauthorized modifications to dataset prompts can occur, leading to altered or removed dataset prompts without proper authorization. This vulnerability impacts the integrity and consistency of dataset information, potentially affecting the results of experiments.
CVE-2024-34363 1 Envoyproxy 1 Envoy 2024-06-11 N/A 7.5 HIGH
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
CVE-2024-1272 1 Tnbmobil 1 Cockpit 2024-06-11 N/A 7.5 HIGH
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.
CVE-2024-4520 1 Gaizhenbiao 1 Chuanhuchatgpt 2024-06-11 N/A 7.5 HIGH
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
CVE-2022-38773 1 Siemens 140 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 137 more 2024-06-11 N/A 6.8 MEDIUM
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.
CVE-2023-20593 3 Amd, Debian, Xen 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more 2024-06-10 N/A 5.5 MEDIUM
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2000-0476 4 Michael Jennings, Putty, Rxvt and 1 more 4 Eterm, Putty, Rxvt and 1 more 2024-06-10 5.0 MEDIUM N/A
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
CVE-2023-36631 1 Malwarebytes 1 Binisoft Windows Firewall Control 2024-06-05 N/A 7.8 HIGH
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
CVE-2023-47678 1 Asus 2 Rt-ac87u, Rt-ac87u Firmware 2024-06-04 N/A 9.1 CRITICAL
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.
CVE-2023-25399 1 Scipy 1 Scipy 2024-06-04 N/A 5.5 MEDIUM
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
CVE-2022-26635 1 Php 1 Memcached 2024-06-04 7.5 HIGH 9.8 CRITICAL
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.
CVE-2021-25649 1 Avaya 1 Aura Utility Services 2024-06-04 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
CVE-2012-5380 1 Ruby-lang 1 Ruby 2024-06-04 6.0 MEDIUM N/A
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation
CVE-2024-4978 1 Javs 1 Javs Viewer 2024-05-31 N/A 8.4 HIGH
Justice AV Solutions Viewer Setup contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
CVE-2024-27198 1 Jetbrains 1 Teamcity 2024-05-23 N/A 9.8 CRITICAL
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
CVE-2024-0408 4 Fedoraproject, Redhat, Tigervnc and 1 more 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more 2024-05-22 N/A 5.5 MEDIUM
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
CVE-2023-7008 2 Debian, Systemd Project 2 Debian Linux, Systemd 2024-05-22 N/A 5.9 MEDIUM
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.