Total: 9729 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20804 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 4.0 MEDIUM | 6.5 MEDIUM |
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13. | |||||
CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9. | |||||
CVE-2018-25004 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 4.0 MEDIUM | 4.9 MEDIUM |
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11. | |||||
CVE-2021-20329 | 1 Mongodb | 1 Go Driver | 2024-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Drivers prior to and including 1.5.0. | |||||
CVE-2022-24037 | 1 Karmasis | 1 Infraskope Siem+ | 2024-09-16 | N/A | 8.2 HIGH |
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | |||||
CVE-2023-41061 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-09-16 | N/A | 7.8 HIGH |
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
CVE-2023-22515 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-09-16 | N/A | 9.8 CRITICAL |
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | |||||
CVE-2022-47966 | 1 Zohocorp | 22 Manageengine Access Manager Plus, Manageengine Ad360, Manageengine Adaudit Plus and 19 more | 2024-09-16 | N/A | 9.8 CRITICAL |
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41, ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active). | |||||
CVE-2021-20330 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | |||||
CVE-2024-21829 | | | 2024-09-16 | N/A | 7.5 HIGH |
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-34545 | | | 2024-09-16 | N/A | 5.2 MEDIUM |
Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. | |||||
CVE-2024-21871 | | | 2024-09-16 | N/A | 7.5 HIGH |
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-21781 | | | 2024-09-16 | N/A | 7.2 HIGH |
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | |||||
CVE-2024-41839 | 1 Adobe | 1 Experience Manager | 2024-09-16 | N/A | 3.5 LOW |
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
CVE-2024-5989 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-09-16 | N/A | 9.8 CRITICAL |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | |||||
CVE-2024-5988 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-09-16 | N/A | 9.8 CRITICAL |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | |||||
CVE-2024-5990 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-09-16 | N/A | 7.5 HIGH |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | |||||
CVE-2024-6259 | | | 2024-09-14 | N/A | 7.6 HIGH |
BT: HCI: adv_ext_report Improper discarding in adv_ext_report | |||||
CVE-2024-6258 | | | 2024-09-14 | N/A | 6.8 MEDIUM |
BT: Missing length checks of net_buf in rfcomm_handle_data | |||||
CVE-2024-5931 | | | 2024-09-14 | N/A | 6.3 MEDIUM |
BT: Unchecked user input in bap_broadcast_assistant |