The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-2410 | -- | Apr 19, 2024 | n/a | |
| CVE-2024-32460 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32459 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32458 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32041 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32040 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32039 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-3177 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-31744 | -- | Apr 11, 2024 | n/a | |
| CVE-2024-27980 | -- | Apr 12, 2024 | n/a | |
| CVE-2024-3096 | -- | Apr 12, 2024 | n/a | |
| CVE-2024-2757 | -- | Apr 12, 2024 | n/a | |
| CVE-2024-2756 | -- | Apr 12, 2024 | n/a | |
| CVE-2024-2201 | -- | Apr 11, 2024 | n/a | |
| CVE-2024-1874 | -- | Apr 12, 2024 | n/a | |
| CVE-2024-28661 | -- | Apr 7, 2024 | n/a | |
| CVE-2024-27982 | -- | Apr 4, 2024 | n/a | |
| CVE-2024-25743 | -- | Apr 9, 2024 | n/a | |
| CVE-2024-25742 | -- | Apr 9, 2024 | n/a | |
| CVE-2024-3508 | -- | Apr 10, 2024 | n/a | |
| CVE-2024-3447 | -- | Apr 10, 2024 | n/a | |
| CVE-2024-2881 | -- | Mar 27, 2024 | n/a | |
| CVE-2024-2699 | -- | Mar 25, 2024 | n/a | |
| CVE-2024-27903 | -- | Mar 21, 2024 | n/a | |
| CVE-2024-27459 | -- | Mar 21, 2024 | n/a | |
| CVE-2024-27281 | -- | Mar 22, 2024 | n/a | |
| CVE-2024-27280 | -- | Mar 22, 2024 | n/a | |
| CVE-2024-24974 | -- | Mar 21, 2024 | n/a | |
| CVE-2024-1545 | -- | Mar 22, 2024 | n/a | |
| CVE-2024-1305 | -- | Mar 22, 2024 | n/a | |
| CVE-2024-2467 | -- | Mar 15, 2024 | n/a | |
| CVE-2007-5406 | Medium | Sep 5, 2008 | n/a | |
| CVE-2023-0745 | The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0 | -- | Feb 9, 2023 | n/a |
| CVE-2023-25183 | In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | -- | May 23, 2023 | n/a |
| CVE-2023-31240 | Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials. | -- | May 23, 2023 | n/a |
| CVE-2023-31245 | Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. | -- | May 23, 2023 | n/a |
| CVE-2023-1135 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | -- | Mar 30, 2023 | n/a |
| CVE-2023-31278 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | -- | Jun 6, 2023 | n/a |
| CVE-2023-21520 | A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. | -- | Sep 12, 2023 | n/a |
| CVE-2023-21523 | A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account. | -- | Sep 12, 2023 | n/a |
| CVE-2023-32539 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | -- | Jun 6, 2023 | n/a |
| CVE-2023-32203 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | -- | Jun 6, 2023 | n/a |
| CVE-2023-31244 | The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. | -- | Jun 6, 2023 | n/a |
| CVE-2023-38255 | A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device. | -- | Sep 19, 2023 | n/a |
| CVE-2023-1287 | An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | -- | Mar 9, 2023 | n/a |
| CVE-2023-46665 | Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. | -- | Oct 26, 2023 | n/a |
| CVE-2023-28386 | Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution. | -- | May 23, 2023 | n/a |
| CVE-2023-28653 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | -- | Jun 6, 2023 | n/a |
| CVE-2023-25555 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | -- | Apr 18, 2023 | n/a |
| CVE-2023-45227 | An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the dns.0.server parameter. | -- | Feb 7, 2024 | n/a |
