Total
29509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44164 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-26 | N/A | 7.1 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-44165 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-26 | N/A | 7.5 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel. | |||||
| CVE-2024-46728 | 1 Linux | 1 Linux Kernel | 2024-09-26 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index for aux_rd_interval before using aux_rd_interval has size of 7 and should be checked. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. | |||||
| CVE-2024-43491 | 1 Microsoft | 1 Windows 10 1507 | 2024-09-26 | N/A | 9.8 CRITICAL |
| Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. | |||||
| CVE-2024-38183 | 1 Microsoft | 1 Groupme | 2024-09-25 | N/A | 8.8 HIGH |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | |||||
| CVE-2024-27875 | 1 Apple | 1 Macos | 2024-09-25 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly. | |||||
| CVE-2024-40840 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-25 | N/A | 4.6 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
| CVE-2024-8253 | 1 Pickplugins | 1 Post Grid | 2024-09-25 | N/A | 8.8 HIGH |
| The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator. | |||||
| CVE-2024-43460 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-09-25 | N/A | 8.8 HIGH |
| Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | |||||
| CVE-2024-46942 | 1 Opendaylight | 1 Model-driven Service Abstraction Layer | 2024-09-25 | N/A | 6.5 MEDIUM |
| In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | |||||
| CVE-2024-8853 | 1 Medialibs | 1 Webo-facto | 2024-09-25 | N/A | 9.8 CRITICAL |
| The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'. | |||||
| CVE-2024-46983 | 1 Antfin | 1 Sofa-hessian | 2024-09-25 | N/A | 9.8 CRITICAL |
| sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist, users can upgrade to sofahessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`. | |||||
| CVE-2024-45807 | 1 Envoyproxy | 1 Envoy | 2024-09-25 | N/A | 7.5 HIGH |
| Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2024-45752 | 1 Pixlone | 1 Logiops | 2024-09-25 | N/A | 7.3 HIGH |
| logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction. | |||||
| CVE-2024-40838 | 1 Apple | 1 Macos | 2024-09-25 | N/A | 3.3 LOW |
| A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device. | |||||
| CVE-2024-44124 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-25 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing. | |||||
| CVE-2024-40856 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-25 | N/A | 7.5 HIGH |
| An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network. | |||||
| CVE-2024-40860 | 1 Apple | 1 Macos | 2024-09-25 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-40863 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-25 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information. | |||||
| CVE-2024-44125 | 1 Apple | 1 Macos | 2024-09-25 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information. | |||||