Total
9764 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38196 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-15 | N/A | 7.8 HIGH |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
CVE-2024-38201 | 1 Microsoft | 1 Azure Stack Hub | 2024-08-15 | N/A | 7.0 HIGH |
Azure Stack Hub Elevation of Privilege Vulnerability | |||||
CVE-2024-37373 | 1 Ivanti | 1 Avalanche | 2024-08-15 | N/A | 7.2 HIGH |
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | |||||
CVE-2024-34118 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-7515 | | | 2024-08-15 | N/A | N/A |
CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. | |||||
CVE-2024-7507 | | | 2024-08-15 | N/A | N/A |
CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller. | |||||
CVE-2023-23397 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-14 | N/A | 9.8 CRITICAL |
Microsoft Outlook Elevation of Privilege Vulnerability | |||||
CVE-2023-47003 | 1 Redislabs | 1 Redisgraph | 2024-08-14 | N/A | 9.8 CRITICAL |
An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | |||||
CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | |||||
CVE-2023-34424 | | | 2024-08-14 | N/A | 4.4 MEDIUM |
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2024-21810 | | | 2024-08-14 | N/A | 8.8 HIGH |
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-31366 | | | 2024-08-14 | N/A | 3.3 LOW |
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | |||||
CVE-2023-36563 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-08-14 | N/A | 5.5 MEDIUM |
Microsoft WordPad Information Disclosure Vulnerability | |||||
CVE-2022-2856 | 5 Apple, Fedoraproject, Google and 2 more | 6 Macos, Fedora, Android and 3 more | 2024-08-14 | N/A | 6.5 MEDIUM |
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | |||||
CVE-2023-31339 | | | 2024-08-14 | N/A | 4.8 MEDIUM |
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service. | |||||
CVE-2024-23600 | | | 2024-08-13 | N/A | 2.7 LOW |
Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. | |||||
CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | N/A | 7.8 HIGH |
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | |||||
CVE-2017-3772 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | N/A | 5.5 MEDIUM |
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot. | |||||
CVE-2024-3938 | 1 Dotcms | 1 Dotcms | 2024-08-13 | N/A | 6.1 MEDIUM |
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 - A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&... | |||||
CVE-2023-26293 | 1 Siemens | 1 Tia Portal | 2024-08-13 | N/A | 7.3 HIGH |
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. |