Total
29509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21195 | 1 Oracle | 1 Bi Publisher | 2024-10-18 | N/A | 7.6 HIGH |
| Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). | |||||
| CVE-2024-21194 | 1 Oracle | 1 Mysql | 2024-10-18 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-21193 | 1 Oracle | 1 Mysql | 2024-10-18 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-21192 | 1 Oracle | 1 Fusion Middleware | 2024-10-18 | N/A | 4.4 MEDIUM |
| Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2024-43609 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-10-17 | N/A | 6.5 MEDIUM |
| Microsoft Office Spoofing Vulnerability | |||||
| CVE-2024-43497 | 1 Microsoft | 1 Deepspeed | 2024-10-17 | N/A | 7.8 HIGH |
| DeepSpeed Remote Code Execution Vulnerability | |||||
| CVE-2024-43480 | 2 Linux, Microsoft | 2 Linux Kernel, Azure Service Fabric | 2024-10-17 | N/A | 6.6 MEDIUM |
| Azure Service Fabric for Linux Remote Code Execution Vulnerability | |||||
| CVE-2024-6757 | 1 Elementor | 1 Website Builder | 2024-10-17 | N/A | 4.3 MEDIUM |
| The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts. | |||||
| CVE-2024-43501 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-43500 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2024-10-17 | N/A | 5.5 MEDIUM |
| Windows Resilient File System (ReFS) Information Disclosure Vulnerability | |||||
| CVE-2024-43502 | 1 Microsoft | 4 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 1 more | 2024-10-17 | N/A | 7.1 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-9970 | 1 Newtype | 1 Flowmaster Bpm Plus | 2024-10-17 | N/A | 8.8 HIGH |
| The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. | |||||
| CVE-2024-9964 | 1 Google | 1 Chrome | 2024-10-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2024-10-17 | N/A | 7.8 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-43506 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.5 HIGH |
| BranchCache Denial of Service Vulnerability | |||||
| CVE-2024-43508 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2024-10-17 | N/A | 5.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2024-43509 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2024-43511 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-10-17 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-9966 | 1 Google | 1 Chrome | 2024-10-17 | N/A | 5.3 MEDIUM |
| Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-9965 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-10-17 | N/A | 8.8 HIGH |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | |||||