Total: 9852 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21507 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | |||||
CVE-2024-21476 | | | 2024-11-21 | N/A | 7.8 HIGH |
Memory corruption when the channel ID passed by user is not validated and further used. | |||||
CVE-2024-21473 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Memory corruption while redirecting log file to any file location with any file name. | |||||
CVE-2024-21453 | | | 2024-11-21 | N/A | 7.5 HIGH |
Transient DOS while decoding message of size that exceeds the available system memory. | |||||
CVE-2024-21452 | | | 2024-11-21 | N/A | 7.3 HIGH |
Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. | |||||
CVE-2024-21448 | | | 2024-11-21 | N/A | 5.0 MEDIUM |
Microsoft Teams for Android Information Disclosure Vulnerability | |||||
CVE-2024-21413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 9.8 CRITICAL |
Microsoft Outlook Remote Code Execution Vulnerability | |||||
CVE-2024-21388 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2024-21374 | 1 Microsoft | 1 Teams | 2024-11-21 | N/A | 5.0 MEDIUM |
Microsoft Teams for Android Information Disclosure Vulnerability | |||||
CVE-2024-21319 | 1 Microsoft | 3 .net, Identity Model, Visual Studio 2022 | 2024-11-21 | N/A | 6.8 MEDIUM |
Microsoft Identity Denial of service vulnerability | |||||
CVE-2024-21316 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-11-21 | N/A | 6.1 MEDIUM |
Windows Server Key Distribution Service Security Feature Bypass | |||||
CVE-2024-21315 | 1 Microsoft | 14 Defender For Endpoint, Windows 10 1507, Windows 10 1607 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | |||||
CVE-2024-21312 | 1 Microsoft | 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
.NET Framework Denial of Service Vulnerability | |||||
CVE-2024-21304 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-11-21 | N/A | 4.1 MEDIUM |
Trusted Compute Base Elevation of Privilege Vulnerability | |||||
CVE-2024-20758 | | | 2024-11-21 | N/A | 9.0 CRITICAL |
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. | |||||
CVE-2024-20733 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-20684 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
Windows Hyper-V Denial of Service Vulnerability | |||||
CVE-2024-20670 | | | 2024-11-21 | N/A | 8.1 HIGH |
Outlook for Windows Spoofing Vulnerability | |||||
CVE-2024-20666 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.6 MEDIUM |
BitLocker Security Feature Bypass Vulnerability | |||||
CVE-2024-20405 | 1 Cisco | 1 Finesse | 2024-11-21 | N/A | 4.8 MEDIUM |
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device. |