Export limit exceeded: 343831 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343831 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42356 | 1 Shopware | 1 Shopware | 2024-08-12 | 8.3 High |
| Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a helper with a callable function. The function can be called also from Twig and as the second parameter allows any callable, it's possible to call from Twig any statically callable PHP function/method. It's not possible as customer to provide any Twig code, the attacker would require access to Administration to exploit it using Mail templates or using App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. | ||||
| CVE-2024-42357 | 1 Shopware | 1 Shopware | 2024-08-12 | 7.3 High |
| Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable SQL-injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | ||||
| CVE-2024-41238 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-12 | 4.3 Medium |
| A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | ||||
| CVE-2024-5801 | 2024-08-12 | N/A | ||
| Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering. | ||||
| CVE-2024-42010 | 1 Roundcube | 1 Roundcube | 2024-08-12 | 7.5 High |
| mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information. | ||||
| CVE-2024-7633 | 2024-08-12 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | ||||
| CVE-2024-42226 | 1 Redhat | 1 Enterprise Linux | 2024-08-12 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-38322 | 2024-08-12 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-34635 | 1 Samsung | 1 Notes | 2024-08-09 | 4 Medium |
| Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | ||||
| CVE-2024-34634 | 1 Samsung | 1 Notes | 2024-08-09 | 4 Medium |
| Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | ||||
| CVE-2024-34632 | 1 Samsung | 1 Notes | 2024-08-09 | 4 Medium |
| Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | ||||
| CVE-2024-34633 | 1 Samsung | 1 Notes | 2024-08-09 | 4 Medium |
| Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | ||||
| CVE-2024-34630 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||
| CVE-2024-34629 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||
| CVE-2024-34628 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||
| CVE-2024-34627 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||
| CVE-2024-34626 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||
| CVE-2024-34625 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||
| CVE-2024-34631 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||
| CVE-2024-34621 | 1 Samsung | 1 Notes | 2024-08-09 | 5.5 Medium |
| Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | ||||