Total: 9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28578 | | | 2024-04-12 | N/A | 9.3 CRITICAL |
Memory corruption in Core Services while executing the command for removing a single event listener. | |||||
CVE-2024-21473 | | | 2024-04-12 | N/A | 9.8 CRITICAL |
Memory corruption while redirecting log file to any file location with any file name. | |||||
CVE-2024-21453 | | | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS while decoding message of size that exceeds the available system memory. | |||||
CVE-2024-21452 | | | 2024-04-12 | N/A | 7.3 HIGH |
Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. | |||||
CVE-2023-33100 | | | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | |||||
CVE-2023-33099 | | | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. | |||||
CVE-2024-26197 | | | 2024-04-11 | N/A | 6.5 MEDIUM |
Windows Standards-Based Storage Management Service Denial of Service Vulnerability | |||||
CVE-2024-26164 | | | 2024-04-11 | N/A | 8.8 HIGH |
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | |||||
CVE-2024-3385 | | | 2024-04-10 | N/A | 7.5 HIGH |
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: PA-5400 Series firewalls and PA-7000 Series firewalls. | |||||
CVE-2024-3101 | | | 2024-04-10 | N/A | 6.7 MEDIUM |
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access. | |||||
CVE-2024-20670 | | | 2024-04-10 | N/A | 8.1 HIGH |
Outlook for Windows Spoofing Vulnerability | |||||
CVE-2024-26240 | | | 2024-04-10 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-25116 | | | 2024-04-10 | N/A | 5.5 MEDIUM |
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | |||||
CVE-2024-26189 | | | 2024-04-10 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26253 | | | 2024-04-10 | N/A | 6.8 MEDIUM |
Windows rndismp6.sys Remote Code Execution Vulnerability | |||||
CVE-2024-28897 | | | 2024-04-10 | N/A | 6.8 MEDIUM |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-20758 | | | 2024-04-10 | N/A | 9.0 CRITICAL |
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. | |||||
CVE-2018-7761 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-04-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. | |||||
CVE-2021-22787 | 1 Schneider-electric | 28 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 25 more | 2024-04-10 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | |||||
CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-04-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a JavaScript loaded with the web page. |