Total
9851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26164 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26127 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-26126 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-26002 | 2024-11-21 | N/A | 7.8 HIGH | ||
| An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. | |||||
| CVE-2024-26001 | 2024-11-21 | N/A | 7.4 HIGH | ||
| An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | |||||
| CVE-2024-26000 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | |||||
| CVE-2024-25999 | 2024-11-21 | N/A | 8.4 HIGH | ||
| An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. | |||||
| CVE-2024-25998 | 2024-11-21 | N/A | 7.3 HIGH | ||
| An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | |||||
| CVE-2024-25997 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. | |||||
| CVE-2024-25994 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. | |||||
| CVE-2024-25970 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity. | |||||
| CVE-2024-25942 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | |||||
| CVE-2024-25656 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product. | |||||
| CVE-2024-25641 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. | |||||
| CVE-2024-25590 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. | |||||
| CVE-2024-25583 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. | |||||
| CVE-2024-25581 | 2024-11-21 | N/A | 7.5 HIGH | ||
| When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default. | |||||
| CVE-2024-25290 | 2024-11-21 | N/A | 8.0 HIGH | ||
| An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function. | |||||
| CVE-2024-25116 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | |||||
| CVE-2024-25090 | 1 Apache | 1 Roller | 2024-11-21 | N/A | 5.4 MEDIUM |
| Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue. | |||||