Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 28629 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11935 2 Canonical, Debian 2 Ubuntu Linux, Debian Linux 2024-02-23 N/A 5.5 MEDIUM
It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.
CVE-2024-1709 1 Connectwise 1 Screenconnect 2024-02-23 N/A 10.0 CRITICAL
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
CVE-1999-0211 1 Sun 1 Sunos 2024-02-22 5.0 MEDIUM N/A
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.
CVE-2023-4039 1 Gnu 1 Gcc 2024-02-19 N/A 4.8 MEDIUM
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
CVE-2023-40081 1 Google 1 Android 2024-02-15 N/A 5.5 MEDIUM
In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-25677 1 Minbrowser 1 Min 2024-02-15 N/A 8.8 HIGH
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.
CVE-2007-1863 2 Apache, Apple 2 Http Server, Mac Os X Server 2024-02-15 5.0 MEDIUM N/A
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
CVE-2024-24776 1 Mattermost 1 Mattermost Server 2024-02-15 N/A 4.3 MEDIUM
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
CVE-2023-47132 1 N-able 1 N-central 2024-02-15 N/A 9.8 CRITICAL
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVE-2023-27001 1 Egerie 1 Egerie 2024-02-15 N/A 8.8 HIGH
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.
CVE-2023-43609 1 Emerson 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more 2024-02-15 N/A 9.1 CRITICAL
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
CVE-2024-22388 1 Hidglobal 16 Iclass Se Cp1000 Encoder, Iclass Se Cp1000 Encoder Firmware, Iclass Se Processors and 13 more 2024-02-14 N/A 7.8 HIGH
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.
CVE-2024-23446 1 Elastic 1 Kibana 2024-02-14 N/A 6.5 MEDIUM
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.
CVE-2024-23447 1 Elastic 1 Network Drive Connector 2024-02-14 N/A 6.5 MEDIUM
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
CVE-2022-43486 1 Buffalo 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more 2024-02-14 N/A 6.8 MEDIUM
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
CVE-2005-4249 1 Adp 1 Adp Forum 2024-02-14 5.0 MEDIUM N/A
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.
CVE-2004-2418 1 Whitsoft Development 1 Slimftpd 2024-02-14 7.2 HIGH N/A
Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.
CVE-2001-0949 1 Valicert 1 Enterprise Validation Authority 2024-02-14 7.5 HIGH N/A
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
CVE-2005-2362 1 Ethereal Group 1 Ethereal 2024-02-14 5.0 MEDIUM N/A
Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.
CVE-2005-1468 1 Ethereal Group 1 Ethereal 2024-02-14 5.0 MEDIUM N/A
Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference.