Total
9725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20330 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | |||||
| CVE-2024-21829 | 2024-09-16 | N/A | 7.5 HIGH | ||
| Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-34545 | 2024-09-16 | N/A | 5.2 MEDIUM | ||
| Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2024-21871 | 2024-09-16 | N/A | 7.5 HIGH | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21781 | 2024-09-16 | N/A | 7.2 HIGH | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | |||||
| CVE-2024-44094 | 2024-09-16 | N/A | 7.4 HIGH | ||
| In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-41839 | 1 Adobe | 1 Experience Manager | 2024-09-16 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-5989 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-09-16 | N/A | 9.8 CRITICAL |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | |||||
| CVE-2024-5988 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-09-16 | N/A | 9.8 CRITICAL |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | |||||
| CVE-2024-5990 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-09-16 | N/A | 7.5 HIGH |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | |||||
| CVE-2024-6259 | 2024-09-14 | N/A | 7.6 HIGH | ||
| BT: HCI: adv_ext_report Improper discarding in adv_ext_report | |||||
| CVE-2024-6258 | 2024-09-14 | N/A | 6.8 MEDIUM | ||
| BT: Missing length checks of net_buf in rfcomm_handle_data | |||||
| CVE-2024-5931 | 2024-09-14 | N/A | 6.3 MEDIUM | ||
| BT: Unchecked user input in bap_broadcast_assistant | |||||
| CVE-2024-6137 | 2024-09-14 | N/A | 7.6 HIGH | ||
| BT: Classic: SDP OOB access in get_att_search_list | |||||
| CVE-2024-45058 | 1 Portabilis | 1 I-educar | 2024-09-13 | N/A | 8.1 HIGH |
| i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue. | |||||
| CVE-2023-22515 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-09-13 | N/A | 9.8 CRITICAL |
| Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | |||||
| CVE-2023-41061 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-09-13 | N/A | 7.8 HIGH |
| A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2022-47966 | 1 Zohocorp | 23 Application Control Plus, Manageengine Access Manager Plus, Manageengine Ad360 and 20 more | 2024-09-13 | N/A | 9.8 CRITICAL |
| Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active). | |||||
| CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.2 HIGH |
| A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | |||||
| CVE-2024-43455 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-13 | N/A | 9.8 CRITICAL |
| Windows Remote Desktop Licensing Service Spoofing Vulnerability | |||||