Total
9852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1355 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 9.1 CRITICAL |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-1354 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 8.0 HIGH |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-0763 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization. | |||||
| CVE-2024-0161 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | |||||
| CVE-2024-0158 | 1 Dell | 776 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 773 more | 2024-11-21 | N/A | 5.1 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges | |||||
| CVE-2024-0080 | 2024-11-21 | N/A | 2.8 LOW | ||
| NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service. | |||||
| CVE-2024-0057 | 1 Microsoft | 17 .net, .net Framework, Powershell and 14 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | |||||
| CVE-2024-0045 | 2024-11-21 | N/A | 7.5 HIGH | ||
| In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0031 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0021 | 2024-11-21 | N/A | 7.0 HIGH | ||
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-11-21 | N/A | 5.0 MEDIUM |
| Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | |||||
| CVE-2023-7240 | 2024-11-21 | N/A | 5.8 MEDIUM | ||
| An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address. | |||||
| CVE-2023-7012 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2023-6835 | 1 Wso2 | 2 Api Manager, Iot Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | |||||
| CVE-2023-6395 | 2 Fedoraproject, Rpm-software-management | 3 Extra Packages For Enterprise Linux, Fedora, Mock | 2024-11-21 | N/A | 6.7 MEDIUM |
| The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server. | |||||
| CVE-2023-5832 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | N/A | 9.1 CRITICAL |
| Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | |||||
| CVE-2023-5624 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | N/A | 7.2 HIGH |
| Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection. | |||||
| CVE-2023-5571 | 1 Vrite | 1 Vrite | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. | |||||
| CVE-2023-5397 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-5275 | 1 Mitsubishielectric | 1 Gx Works2 | 2024-11-21 | N/A | 2.5 LOW |
| Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | |||||