Weekly Vulnerabilities Reports > October 7 to 13, 2024
Overview
519 new vulnerabilities reported during this period, including 34 critical vulnerabilities and 253 high severity vulnerabilities. This weekly summary report vulnerabilities in 427 products from 80 vendors including Microsoft, Adobe, Siemens, Dlink, and Qualcomm. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Out-of-bounds Read", and "Classic Buffer Overflow".
- 327 reported vulnerabilities are remotely exploitables.
- 127 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 253 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 114 reported vulnerabilities.
- Codezips has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
34 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-10-08 | CVE-2024-47553 | Siemens | Argument Injection or Modification vulnerability in Siemens Sinec Security Monitor A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). | 9.9 |
2024-10-13 | CVE-2024-9916 | Usualtool | OS Command Injection vulnerability in Usualtool Usualtoolcms 9.0 A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. | 9.8 |
2024-10-12 | CVE-2024-9047 | The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. | 9.8 | |
2024-10-11 | CVE-2024-9707 | The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. | 9.8 | |
2024-10-11 | CVE-2024-9822 | The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. | 9.8 | |
2024-10-10 | CVE-2024-9818 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Veterinary Appointment System 1.0 A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. | 9.8 |
2024-10-10 | CVE-2024-47167 | Gradio Project | Server-Side Request Forgery (SSRF) vulnerability in Gradio Project Gradio Gradio is an open-source Python package designed for quick prototyping. | 9.8 |
2024-10-10 | CVE-2024-9814 | Codezips | SQL Injection vulnerability in Codezips Pharmacy Management System 1.0 A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. | 9.8 |
2024-10-10 | CVE-2024-9811 | Code Projects | SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0 A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. | 9.8 |
2024-10-10 | CVE-2024-9812 | Code Projects | SQL Injection vulnerability in Code-Projects Crud Operation System 1.0 A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. | 9.8 |
2024-10-10 | CVE-2024-9813 | Codezips | SQL Injection vulnerability in Codezips Pharmacy Management System 1.0 A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. | 9.8 |
2024-10-10 | CVE-2024-47636 | Eyecix | Deserialization of Untrusted Data vulnerability in Eyecix Jobsearch Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.9. | 9.8 |
2024-10-10 | CVE-2024-9794 | Codezips | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Shopping Portal 1.0 A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. | 9.8 |
2024-10-10 | CVE-2024-9201 | Seur | SQL Injection vulnerability in Seur The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. | 9.8 |
2024-10-10 | CVE-2024-45115 | Adobe | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
2024-10-10 | CVE-2024-9796 | Internet Formation | SQL Injection vulnerability in Internet-Formation Wp-Advanced-Search The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | 9.8 |
2024-10-10 | CVE-2024-9518 | Wpuserplus | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. | 9.8 |
2024-10-09 | CVE-2024-9680 | Mozilla | Use After Free vulnerability in Mozilla Firefox ESR An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | 9.8 |
2024-10-09 | CVE-2024-32608 | Hdfgroup | Out-of-bounds Write vulnerability in Hdfgroup Hdf5 HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 |
2024-10-08 | CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | 9.8 | |
2024-10-08 | CVE-2024-43488 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | 9.8 |
2024-10-08 | CVE-2024-47009 | Ivanti | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
2024-10-08 | CVE-2024-47010 | Ivanti | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
2024-10-08 | CVE-2024-8911 | The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. | 9.8 | |
2024-10-08 | CVE-2024-8943 | The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. | 9.8 | |
2024-10-07 | CVE-2024-47556 | Xerox | Path Traversal vulnerability in Xerox Freeflow Core Pre-Auth RCE via Path Traversal | 9.8 |
2024-10-07 | CVE-2024-47557 | Xerox | Path Traversal vulnerability in Xerox Freeflow Core Pre-Auth RCE via Path Traversal | 9.8 |
2024-10-07 | CVE-2024-46446 | Mecha CMS | Path Traversal vulnerability in Mecha-Cms Mecha 3.0.0 Mecha CMS 3.0.0 is vulnerable to Directory Traversal. | 9.8 |
2024-10-07 | CVE-2024-33066 | Qualcomm | Unspecified vulnerability in Qualcomm products Memory corruption while redirecting log file to any file location with any file name. | 9.8 |
2024-10-10 | CVE-2024-47871 | Gradio Project | Missing Encryption of Sensitive Data vulnerability in Gradio Project Gradio Gradio is an open-source Python package designed for quick prototyping. | 9.1 |
2024-10-10 | CVE-2024-48949 | Indutny | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. | 9.1 |
2024-10-09 | CVE-2024-9465 | Paloaltonetworks | SQL Injection vulnerability in Paloaltonetworks Expedition An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |
2024-10-08 | CVE-2024-43591 | Microsoft | Unspecified vulnerability in Microsoft Azure CLI and Azure Service Connector Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | 9.1 |
2024-10-08 | CVE-2024-38124 | Microsoft | Unspecified vulnerability in Microsoft products Windows Netlogon Elevation of Privilege Vulnerability | 9.0 |
253 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-10-13 | CVE-2024-9915 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-13 | CVE-2024-9913 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-13 | CVE-2024-9914 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-13 | CVE-2024-9912 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-13 | CVE-2024-9911 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-13 | CVE-2024-9910 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. | 8.8 |
2024-10-13 | CVE-2024-9909 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. | 8.8 |
2024-10-13 | CVE-2024-9908 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-13 | CVE-2024-9905 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. | 8.8 |
2024-10-12 | CVE-2024-9894 | Blood Bank System Project | SQL Injection vulnerability in Blood Bank System Project Blood Bank System 1.0 A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. | 8.8 |
2024-10-12 | CVE-2024-9821 | The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. | 8.8 | |
2024-10-10 | CVE-2024-9817 | Blood Bank System Project | SQL Injection vulnerability in Blood Bank System Project Blood Bank System 1.0 A vulnerability was found in code-projects Blood Bank System 1.0. | 8.8 |
2024-10-10 | CVE-2024-9785 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-10 | CVE-2024-9786 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-10 | CVE-2024-9782 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06 A vulnerability was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-10 | CVE-2024-9783 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06 A vulnerability was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-10 | CVE-2024-9784 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06 A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-10 | CVE-2024-45148 | Adobe | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. | 8.8 |
2024-10-10 | CVE-2024-9522 | Lagunaisw | Missing Authentication for Critical Function vulnerability in Lagunaisw WP Users Masquerade The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. | 8.8 |
2024-10-09 | CVE-2024-7292 | Progress | Improper Restriction of Excessive Authentication Attempts vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | 8.8 |
2024-10-09 | CVE-2024-7293 | Progress | Weak Password Requirements vulnerability in Progress Telerik Reporting In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | 8.8 |
2024-10-09 | CVE-2024-8014 | Progress | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 8.8 |
2024-10-09 | CVE-2024-47659 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. | 8.8 |
2024-10-08 | CVE-2024-38179 | Microsoft | Unspecified vulnerability in Microsoft Azure Stack HCI Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | 8.8 |
2024-10-08 | CVE-2024-38212 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-38265 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43453 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43481 | Microsoft | Unspecified vulnerability in Microsoft Power BI Report Server Power BI Report Server Spoofing Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43517 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43518 | Microsoft | Unspecified vulnerability in Microsoft products Windows Telephony Server Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43519 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43532 | Microsoft | Unspecified vulnerability in Microsoft products Remote Registry Service Elevation of Privilege Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43533 | Microsoft | Unspecified vulnerability in Microsoft products Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43549 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43564 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43589 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43592 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43593 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43599 | Microsoft | Unspecified vulnerability in Microsoft products Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43607 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43608 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-43611 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
2024-10-08 | CVE-2024-47562 | Siemens | Command Injection vulnerability in Siemens Sinec Security Monitor A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). | 8.8 |
2024-10-08 | CVE-2024-34665 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0 Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. | 8.8 |
2024-10-08 | CVE-2024-34666 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0 Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. | 8.8 |
2024-10-08 | CVE-2024-34667 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0 Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. | 8.8 |
2024-10-08 | CVE-2024-34668 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0 Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. | 8.8 |
2024-10-08 | CVE-2024-34669 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0 Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. | 8.8 |
2024-10-08 | CVE-2024-8926 | PHP FPM | OS Command Injection vulnerability in PHP-Fpm In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. | 8.8 |
2024-10-07 | CVE-2024-45291 | Phpoffice | Server-Side Request Forgery (SSRF) vulnerability in PHPoffice PHPspreadsheet PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. | 8.8 |
2024-10-07 | CVE-2024-47558 | Xerox | Path Traversal vulnerability in Xerox Freeflow Core 7.0 Authenticated RCE via Path Traversal | 8.8 |
2024-10-07 | CVE-2024-47559 | Xerox | Path Traversal vulnerability in Xerox Freeflow Core 7.0 Authenticated RCE via Path Traversal | 8.8 |
2024-10-07 | CVE-2024-9570 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. | 8.8 |
2024-10-07 | CVE-2024-9568 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-07 | CVE-2024-9569 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. | 8.8 |
2024-10-07 | CVE-2024-9567 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-07 | CVE-2024-9566 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1 A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. | 8.8 |
2024-10-07 | CVE-2024-9564 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-605L Firmware 2.13B01 A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. | 8.8 |
2024-10-07 | CVE-2024-9565 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-605L Firmware 2.13B01 A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. | 8.8 |
2024-10-07 | CVE-2024-9563 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-605L Firmware 2.13B01 A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. | 8.8 |
2024-10-08 | CVE-2024-43584 | Microsoft | Unspecified vulnerability in Microsoft products Windows Scripting Engine Security Feature Bypass Vulnerability | 8.4 |
2024-10-08 | CVE-2024-8215 | Payara | Cross-site Scripting vulnerability in Payara Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. | 8.4 |
2024-10-10 | CVE-2024-47084 | Gradio Project | Unspecified vulnerability in Gradio Project Gradio Gradio is an open-source Python package designed for quick prototyping. | 8.3 |
2024-10-08 | CVE-2024-43574 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 8.3 |
2024-10-11 | CVE-2024-47490 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. | 8.2 | |
2024-10-07 | CVE-2024-43364 | Cacti | Cross-site Scripting vulnerability in Cacti Cacti is an open source performance and fault management framework. | 8.2 |
2024-10-07 | CVE-2024-43365 | Cacti | Cross-site Scripting vulnerability in Cacti 1.2.27 Cacti is an open source performance and fault management framework. | 8.2 |
2024-10-07 | CVE-2024-45051 | Discourse | Unspecified vulnerability in Discourse Discourse is an open source platform for community discussion. | 8.2 |
2024-10-07 | CVE-2024-33064 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure while parsing the multiple MBSSID IEs from the beacon. | 8.2 |
2024-10-07 | CVE-2024-33073 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | 8.2 |
2024-10-10 | CVE-2024-47870 | Gradio Project | Race Condition vulnerability in Gradio Project Gradio Gradio is an open-source Python package designed for quick prototyping. | 8.1 |
2024-10-10 | CVE-2024-45116 | Adobe | Cross-site Scripting vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. | 8.1 |
2024-10-10 | CVE-2024-8977 | Gitlab | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. | 8.1 |
2024-10-09 | CVE-2024-3656 | A flaw was found in Keycloak. | 8.1 | |
2024-10-08 | CVE-2024-38229 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 .NET and Visual Studio Remote Code Execution Vulnerability | 8.1 |
2024-10-08 | CVE-2024-43573 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 8.1 |
2024-10-08 | CVE-2024-43582 | Microsoft | Unspecified vulnerability in Microsoft products Remote Desktop Protocol Server Remote Code Execution Vulnerability | 8.1 |
2024-10-08 | CVE-2024-30092 | Windows Hyper-V Remote Code Execution Vulnerability | 8.0 | |
2024-10-08 | CVE-2024-43604 | Microsoft | Unspecified vulnerability in Microsoft Outlook 2016 Outlook for Android Elevation of Privilege Vulnerability | 8.0 |
2024-10-11 | CVE-2024-33578 | A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | 7.8 | |
2024-10-11 | CVE-2024-33579 | A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | 7.8 | |
2024-10-11 | CVE-2024-33580 | A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | 7.8 | |
2024-10-11 | CVE-2024-33581 | A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | 7.8 | |
2024-10-11 | CVE-2024-33582 | A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | 7.8 | |
2024-10-11 | CVE-2024-4089 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo Superfile A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | 7.8 |
2024-10-11 | CVE-2024-4130 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo APP Store A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | 7.8 |
2024-10-11 | CVE-2024-4131 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo Emulator A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | 7.8 |
2024-10-11 | CVE-2024-4132 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo Lock Screen A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | 7.8 |
2024-10-11 | CVE-2024-9046 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo Starstudio A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | 7.8 |
2024-10-10 | CVE-2024-47962 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | 7.8 |
2024-10-10 | CVE-2024-47963 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. | 7.8 |
2024-10-10 | CVE-2024-47964 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. | 7.8 |
2024-10-10 | CVE-2024-47965 | Deltaww | Out-of-bounds Read vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. | 7.8 |
2024-10-10 | CVE-2024-47966 | Deltaww | Use of Uninitialized Resource vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. | 7.8 |
2024-10-10 | CVE-2024-48957 | Libarchive | Out-of-bounds Read vulnerability in Libarchive execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 7.8 |
2024-10-10 | CVE-2024-48958 | Libarchive | Out-of-bounds Read vulnerability in Libarchive execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 7.8 |
2024-10-09 | CVE-2024-9473 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Globalprotect A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. | 7.8 |
2024-10-09 | CVE-2024-45136 | Adobe | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Incopy InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. | 7.8 |
2024-10-09 | CVE-2024-45137 | Adobe | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Indesign InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. | 7.8 |
2024-10-09 | CVE-2024-47421 | Adobe | Out-of-bounds Read vulnerability in Adobe Framemaker Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2024-10-09 | CVE-2024-47422 | Adobe | Untrusted Search Path vulnerability in Adobe Framemaker Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. | 7.8 |
2024-10-09 | CVE-2024-47423 | Adobe | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Framemaker Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. | 7.8 |
2024-10-09 | CVE-2024-47424 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Framemaker Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47425 | Adobe | Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Framemaker Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47670 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn't stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. | 7.8 |
2024-10-09 | CVE-2024-7840 | Progress | Command Injection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 |
2024-10-09 | CVE-2024-8048 | Progress | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | 7.8 |
2024-10-09 | CVE-2024-45138 | Adobe | Use After Free vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45139 | Adobe | Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45140 | Adobe | Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45141 | Adobe | Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45142 | Adobe | Unspecified vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45143 | Adobe | Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45144 | Adobe | Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45152 | Adobe | Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3/3.0.2 Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-46871 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmub_notification_type. | 7.8 |
2024-10-09 | CVE-2024-47410 | Adobe | Out-of-bounds Write vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47411 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47412 | Adobe | Use After Free vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47413 | Adobe | Use After Free vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47414 | Adobe | Use After Free vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47415 | Adobe | Use After Free vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47416 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47417 | Adobe | Out-of-bounds Write vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-47418 | Adobe | Use After Free vulnerability in Adobe Animate Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45146 | Adobe | Use After Free vulnerability in Adobe Dimension Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-09 | CVE-2024-45150 | Adobe | Out-of-bounds Write vulnerability in Adobe Dimension Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-10-08 | CVE-2024-37979 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-37982 | Microsoft | Unspecified vulnerability in Microsoft products Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 7.8 |
2024-10-08 | CVE-2024-38261 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43497 | Microsoft | Unspecified vulnerability in Microsoft Deepspeed DeepSpeed Remote Code Execution Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43501 | Microsoft | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43503 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43504 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43505 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43509 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43514 | Microsoft | Unspecified vulnerability in Microsoft products Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43516 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43527 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 24H2 Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43528 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43551 | Microsoft | Unspecified vulnerability in Microsoft products Windows Storage Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43556 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43560 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43563 | Microsoft | Unspecified vulnerability in Microsoft products Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43572 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Management Console Remote Code Execution Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43576 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43583 | Microsoft | Unspecified vulnerability in Microsoft products Winlogon Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43590 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2019 and Visual Studio 2022 Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | 7.8 |
2024-10-08 | CVE-2024-43616 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2024-10-08 | CVE-2024-8422 | Schneider Electric | Use After Free vulnerability in Schneider-Electric Zelio Soft 2 CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | 7.8 |
2024-10-08 | CVE-2024-41902 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go A vulnerability has been identified in JT2Go (All versions < V2406.0003). | 7.8 |
2024-10-08 | CVE-2024-45463 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45464 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45465 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45466 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45467 | Siemens | Unspecified vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45468 | Siemens | Unspecified vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45469 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45470 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45471 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45472 | Siemens | Unspecified vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45473 | Siemens | Unspecified vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45474 | Siemens | Unspecified vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-08 | CVE-2024-45475 | Siemens | Unspecified vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 7.8 |
2024-10-07 | CVE-2024-21455 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. | 7.8 |
2024-10-07 | CVE-2024-23369 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. | 7.8 |
2024-10-07 | CVE-2024-33065 | Qualcomm | Unspecified vulnerability in Qualcomm products Memory corruption while taking snapshot when an offset variable is set by camera driver. | 7.8 |
2024-10-07 | CVE-2024-38399 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption while processing user packets to generate page faults. | 7.8 |
2024-10-07 | CVE-2024-43047 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption while maintaining memory maps of HLOS memory. | 7.8 |
2024-10-10 | CVE-2024-45117 | Adobe | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. | 7.6 |
2024-10-11 | CVE-2024-48938 | Znuny | Unspecified vulnerability in Znuny Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. | 7.5 |
2024-10-11 | CVE-2024-39547 | An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process. While not explicitly required, the impact is more severe when RIB sharding is enabled. Task accounting shows unexpected reads by the RPD Server jobs for shards: user@junos> show task accounting detail ... read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888\ This issue affects: Junos OS with cRPD: * All versions before 21.2R3-S8, * 21.4 before 21.4R3-S7, * 22.1 before 22.1R3-S6, * 22.2 before 22.2R3-S4, * 22.3 before 22.3R3-S3, * 22.4 before 22.4R3-S2, * 23.2 before 23.2R2-S2, * 24.2 before 24.2R2; Junos OS Evolved with cRPD: * All versions before 21.4R3-S7-EVO, * 22.2 before 22.2R3-S4-EVO, * 22.3 before 22.3R3-S3-EVO, * 22.4 before 22.4R3-S2-EVO, * 23.2 before 23.2R2-EVO. | 7.5 | |
2024-10-11 | CVE-2024-47497 | An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. | 7.5 | |
2024-10-11 | CVE-2024-47499 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R3-S8-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO. | 7.5 | |
2024-10-11 | CVE-2024-47502 | An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established. A continuously increasing number of connections shown by: user@host > show system connections is indicative of the problem. | 7.5 | |
2024-10-11 | CVE-2024-47504 | An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart. This issue affects Junos OS: * 22.1 releases 22.1R1 and later before 22.2R3-S5, * 22.3 releases before 22.3R3-S4, * 22.4 releases before 22.4R3-S4, * 23.2 releases before 23.2R2-S2, * 23.4 releases before 23.4R2-S1, * 24.2 releases before 24.2R1-S1, 24.2R2. Please note that the PR does indicate that earlier versions have been fixed as well, but these won't be adversely impacted by this. | 7.5 | |
2024-10-10 | CVE-2024-47868 | Gradio Project | Path Traversal vulnerability in Gradio Project Gradio Gradio is an open-source Python package designed for quick prototyping. | 7.5 |
2024-10-10 | CVE-2024-9797 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank System 1.0 A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. | 7.5 |
2024-10-10 | CVE-2024-6747 | Checkmk | Information Exposure vulnerability in Checkmk 2.1.0/2.2.0 Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 7.5 |
2024-10-10 | CVE-2024-9156 | Templateinvaders | SQL Injection vulnerability in Templateinvaders TI Woocommerce Wishlist The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-10-09 | CVE-2024-39515 | An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). | 7.5 | |
2024-10-09 | CVE-2024-39516 | An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). | 7.5 | |
2024-10-09 | CVE-2024-39525 | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R2-EVO. | 7.5 | |
2024-10-09 | CVE-2024-46307 | Sparkshop | Unspecified vulnerability in Sparkshop A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. | 7.5 |
2024-10-09 | CVE-2024-9463 | Paloaltonetworks | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 7.5 |
2024-10-08 | CVE-2024-38029 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2022 23H2 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 7.5 |
2024-10-08 | CVE-2024-38149 | Microsoft | Unspecified vulnerability in Microsoft products BranchCache Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-38262 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43483 | Microsoft | Unspecified vulnerability in Microsoft .Net and .Net Framework .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43484 | Microsoft | Unspecified vulnerability in Microsoft .Net and .Net Framework .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43485 | Microsoft | Unspecified vulnerability in Microsoft .Net .NET and Visual Studio Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43506 | Microsoft | Unspecified vulnerability in Microsoft products BranchCache Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43512 | Microsoft | Unspecified vulnerability in Microsoft products Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43515 | Microsoft | Unspecified vulnerability in Microsoft products Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43521 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43541 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43544 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43545 | Microsoft | Unspecified vulnerability in Microsoft products Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43562 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43565 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43567 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-43575 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Denial of Service Vulnerability | 7.5 |
2024-10-08 | CVE-2024-47007 | Ivanti | NULL Pointer Dereference vulnerability in Ivanti Avalanche A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
2024-10-08 | CVE-2024-47008 | Ivanti | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
2024-10-08 | CVE-2024-47011 | Ivanti | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | 7.5 |
2024-10-08 | CVE-2024-45230 | Djangoproject | Unspecified vulnerability in Djangoproject Django An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. | 7.5 |
2024-10-08 | CVE-2024-47948 | Jetbrains | Path Traversal vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | 7.5 |
2024-10-08 | CVE-2024-47949 | Jetbrains | Path Traversal vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location | 7.5 |
2024-10-08 | CVE-2024-8927 | PHP FPM | Unspecified vulnerability in PHP-Fpm In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. | 7.5 |
2024-10-07 | CVE-2024-45290 | Phpoffice | Absolute Path Traversal vulnerability in PHPoffice PHPspreadsheet PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. | 7.5 |
2024-10-07 | CVE-2024-33049 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. | 7.5 |
2024-10-07 | CVE-2024-33069 | Qualcomm | Use After Free vulnerability in Qualcomm products Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | 7.5 |
2024-10-07 | CVE-2024-33070 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while parsing ESP IE from beacon/probe response frame. | 7.5 |
2024-10-07 | CVE-2024-33071 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. | 7.5 |
2024-10-07 | CVE-2024-38397 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while parsing probe response and assoc response frame. | 7.5 |
2024-10-09 | CVE-2024-43610 | Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector | 7.4 | |
2024-10-08 | CVE-2024-43456 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Services Tampering Vulnerability | 7.4 |
2024-10-08 | CVE-2024-43550 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Channel Spoofing Vulnerability | 7.4 |
2024-10-10 | CVE-2024-9581 | Happyplugins | Code Injection vulnerability in Happyplugins Shortcodes Anywhere The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. | 7.3 |
2024-10-08 | CVE-2024-43529 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.3 |
2024-10-08 | CVE-2024-43552 | Microsoft | Unspecified vulnerability in Microsoft products Windows Shell Remote Code Execution Vulnerability | 7.3 |
2024-10-08 | CVE-2024-43571 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 24H2 Sudo for Windows Spoofing Vulnerability | 7.3 |
2024-10-08 | CVE-2024-47194 | Siemens | Uncontrolled Search Path Element vulnerability in Siemens Modelsim and Questa A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). | 7.3 |
2024-10-08 | CVE-2024-47195 | Siemens | Uncontrolled Search Path Element vulnerability in Siemens Modelsim and Questa A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). | 7.3 |
2024-10-08 | CVE-2024-47196 | Siemens | Uncontrolled Search Path Element vulnerability in Siemens Modelsim and Questa A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). | 7.3 |
2024-10-13 | CVE-2024-9918 | Usualtool | SQL Injection vulnerability in Usualtool Usualtoolcms 9.0 A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. | 7.2 |
2024-10-12 | CVE-2024-8757 | The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 | |
2024-10-10 | CVE-2024-9815 | Codezips | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Tourist Management System 1.0 A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. | 7.2 |
2024-10-10 | CVE-2024-9816 | Codezips | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Tourist Management System 1.0 A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. | 7.2 |
2024-10-10 | CVE-2024-9180 | Hashicorp | Unspecified vulnerability in Hashicorp Vault A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. | 7.2 |
2024-10-10 | CVE-2024-9790 | Lylme | SQL Injection vulnerability in Lylme Spage 1.9.5 A vulnerability was found in LyLme_spage 1.9.5. | 7.2 |
2024-10-10 | CVE-2024-9788 | Lylme | SQL Injection vulnerability in Lylme Spage 1.9.5 A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. | 7.2 |
2024-10-10 | CVE-2024-9789 | Lylme | SQL Injection vulnerability in Lylme Spage 1.9.5 A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. | 7.2 |
2024-10-10 | CVE-2024-9022 | Total Soft | SQL Injection vulnerability in Total-Soft TS Poll The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-10-10 | CVE-2024-9519 | Wpuserplus | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. | 7.2 |
2024-10-09 | CVE-2024-8015 | Progress | Unsafe Reflection vulnerability in Progress Telerik Report Server In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | 7.2 |
2024-10-08 | CVE-2024-9379 | Ivanti | SQL Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | 7.2 |
2024-10-08 | CVE-2024-9380 | Ivanti | OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | 7.2 |
2024-10-08 | CVE-2024-9381 | Ivanti | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | 7.2 |
2024-10-08 | CVE-2024-45330 | Fortinet | Unspecified vulnerability in Fortinet Fortianalyzer and Fortianalyzer Cloud A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | 7.2 |
2024-10-07 | CVE-2024-43363 | Cacti | Code Injection vulnerability in Cacti Cacti is an open source performance and fault management framework. | 7.2 |
2024-10-13 | CVE-2024-6959 | Lollms | Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI 9.8 A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. | 7.1 |
2024-10-08 | CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability | 7.1 | |
2024-10-08 | CVE-2024-38097 | Microsoft | Unspecified vulnerability in Microsoft Azure Monitor Agent 1.26.0 Azure Monitor Agent Elevation of Privilege Vulnerability | 7.1 |
2024-10-08 | CVE-2024-43502 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.1 |
2024-10-08 | CVE-2024-43581 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 7.1 |
2024-10-08 | CVE-2024-43601 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Visual Studio Code for Linux Remote Code Execution Vulnerability | 7.1 |
2024-10-08 | CVE-2024-43615 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 7.1 |
2024-10-08 | CVE-2024-43511 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
2024-10-08 | CVE-2024-43522 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 22H2 and Windows 11 23H2 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.0 |
2024-10-08 | CVE-2024-43535 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.0 |
2024-10-08 | CVE-2024-43553 | Microsoft | Unspecified vulnerability in Microsoft products NT OS Kernel Elevation of Privilege Vulnerability | 7.0 |
2024-10-08 | CVE-2024-43570 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
224 Medium Vulnerabilities
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-10-10 | CVE-2024-47869 | Gradio Project | Information Exposure Through Discrepancy vulnerability in Gradio Project Gradio Gradio is an open-source Python package designed for quick prototyping. | 3.7 |
2024-10-08 | CVE-2024-45476 | Siemens | NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). | 3.3 |
2024-10-08 | CVE-2024-9026 | PHP FPM | Unspecified vulnerability in PHP-Fpm In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. | 3.3 |
2024-10-10 | CVE-2024-45120 | Adobe | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. | 3.1 |
2024-10-10 | CVE-2024-45133 | Adobe | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. | 2.7 |
2024-10-10 | CVE-2024-45134 | Adobe | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. | 2.7 |
2024-10-10 | CVE-2024-45135 | Adobe | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 2.7 |
2024-10-09 | CVE-2024-7038 | Openwebui | Information Exposure Through an Error Message vulnerability in Openwebui Open Webui An information disclosure vulnerability exists in open-webui version 0.3.8. | 2.7 |