Total: 9851 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-27912 | | | 2024-11-21 | N/A | 7.5 HIGH |
A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. | |||||
CVE-2024-27909 | | | 2024-11-21 | N/A | 4.9 MEDIUM |
A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. | |||||
CVE-2024-27896 | | | 2024-11-21 | N/A | N/A |
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. | |||||
CVE-2024-27894 | | | 2024-11-21 | N/A | 8.5 HIGH |
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. The updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: "additionalEnabledConnectorUrlPatterns" and "additionalEnabledFunctionsUrlPatterns". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation. | |||||
CVE-2024-27447 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
pretix before 2024.1.1 mishandles file validation. | |||||
CVE-2024-27386 | | | 2024-11-21 | N/A | 6.7 MEDIUM |
A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite. | |||||
CVE-2024-27385 | | | 2024-11-21 | N/A | 6.7 MEDIUM |
A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite. | |||||
CVE-2024-27254 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813. | |||||
CVE-2024-27241 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | |||||
CVE-2024-27240 | | | 2024-11-21 | N/A | 7.1 HIGH |
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access. | |||||
CVE-2024-27201 | | | 2024-11-21 | N/A | 4.9 MEDIUM |
An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2024-27135 | | | 2024-11-21 | N/A | 8.5 HIGH |
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. | |||||
CVE-2024-27092 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields such as Label (Edit Team) - TeamName, bad actors can send emails with spoofed content that appear to come from Hoppscotch. Part of the payload (an external link) is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This issue is fixed in 2023.12.6. | |||||
CVE-2024-26253 | | | 2024-11-21 | N/A | 6.8 MEDIUM |
Windows rndismp6.sys Remote Code Execution Vulnerability | |||||
CVE-2024-26240 | | | 2024-11-21 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26197 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Windows Standards-Based Storage Management Service Denial of Service Vulnerability | |||||
CVE-2024-26189 | | | 2024-11-21 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26181 | | | 2024-11-21 | N/A | 5.5 MEDIUM |
Windows Kernel Denial of Service Vulnerability | |||||
CVE-2024-26173 | | | 2024-11-21 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2024-26170 | | | 2024-11-21 | N/A | 7.8 HIGH |
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability |