Total
28981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45835 | 1 Mattermost | 1 Mattermost Server | 2024-09-17 | N/A | 6.5 MEDIUM |
| Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. | |||||
| CVE-2024-8779 | 1 Syscomgo | 1 Omflow | 2024-09-17 | N/A | 8.8 HIGH |
| OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server. | |||||
| CVE-2024-43461 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-09-17 | N/A | 8.8 HIGH |
| Windows MSHTML Platform Spoofing Vulnerability | |||||
| CVE-2018-20802 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3. | |||||
| CVE-2020-35166 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | |||||
| CVE-2020-7928 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20. | |||||
| CVE-2020-12931 | 1 Amd | 215 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 212 more | 2024-09-17 | N/A | 7.8 HIGH |
| Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | |||||
| CVE-2020-12930 | 1 Amd | 219 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 216 more | 2024-09-17 | N/A | 7.8 HIGH |
| Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | |||||
| CVE-2024-42365 | 1 Asterisk | 2 Asterisk, Certified Asterisk | 2024-09-16 | N/A | 8.8 HIGH |
| Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. | |||||
| CVE-2020-7929 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. | |||||
| CVE-2024-0101 | 1 Nvidia | 7 Metrox-2, Metrox-3 Xc, Mlnx-gw and 4 more | 2024-09-16 | N/A | 7.5 HIGH |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2023-7008 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-09-16 | N/A | 5.9 MEDIUM |
| A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | |||||
| CVE-2023-5764 | 2 Fedoraproject, Redhat | 7 Extra Packages For Enterprise Linux, Fedora, Ansible and 4 more | 2024-09-16 | N/A | 7.8 HIGH |
| A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. | |||||
| CVE-2019-20923 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7. | |||||
| CVE-2024-0408 | 4 Fedoraproject, Redhat, Tigervnc and 1 more | 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more | 2024-09-16 | N/A | 5.5 MEDIUM |
| A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. | |||||
| CVE-2024-27257 | 1 Ibm | 2 Openpages Grc Platform, Openpages With Watson | 2024-09-16 | N/A | 4.3 MEDIUM |
| IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. | |||||
| CVE-2023-5236 | 2 Infinispan, Redhat | 3 Infinispan, Data Grid, Jboss Data Grid | 2024-09-16 | N/A | 6.5 MEDIUM |
| A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. | |||||
| CVE-2023-3629 | 2 Infinispan, Redhat | 4 Infinispan, Data Grid, Jboss Data Grid and 1 more | 2024-09-16 | N/A | 6.5 MEDIUM |
| A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | |||||
| CVE-2023-3628 | 2 Infinispan, Redhat | 4 Infinispan, Data Grid, Jboss Data Grid and 1 more | 2024-09-16 | N/A | 6.5 MEDIUM |
| A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | |||||
| CVE-2023-24468 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 9.8 CRITICAL |
| Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | |||||