| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. |
| An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. |
| NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges. |
| Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications. |
| Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. |
| In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526. |
| An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.
This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later. |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older. |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled. |
| GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. |
| Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. |
| simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. |
| Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. |
| Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. |
| An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. |
| mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions |
| Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections |
| This flaw was found to be a duplicate of CVE-2023-6927. Please see https://access.redhat.com/security/cve/CVE-2023-6927 for information about affected products and security errata. |
