Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 29509 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37974 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 8.0 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37973 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 8.8 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37972 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 8.0 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37971 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 8.0 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37970 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 8.0 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37969 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 8.0 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37952 1 Themeenergy 1 Book Your Travel 2024-11-21 N/A 8.8 HIGH
Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17.
CVE-2024-37887 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 3.5 LOW
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.
CVE-2024-37884 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 3.5 LOW
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.
CVE-2024-37883 1 Nextcloud 1 Deck 2024-11-21 N/A 4.3 MEDIUM
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
CVE-2024-37769 1 B1ackc4t 1 14finger 2024-11-21 N/A 8.8 HIGH
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.
CVE-2024-37768 1 B1ackc4t 1 14finger 2024-11-21 N/A 9.1 CRITICAL
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.
CVE-2024-37455 1 Brainstormforce 1 Ultimate Addons For Elementor 2024-11-21 N/A 8.8 HIGH
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.
CVE-2024-37391 2 Microsoft, Proton 2 Windows, Protonvpn 2024-11-21 N/A 7.8 HIGH
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
CVE-2024-37370 1 Mit 1 Kerberos 5 2024-11-21 N/A 7.5 HIGH
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
CVE-2024-37346 1 Absolute 1 Secure Access 2024-11-21 N/A 4.9 MEDIUM
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.
CVE-2024-37336 1 Microsoft 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more 2024-11-21 N/A 8.8 HIGH
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37334 1 Microsoft 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 2024-11-21 N/A 8.8 HIGH
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37333 1 Microsoft 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more 2024-11-21 N/A 8.8 HIGH
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37332 1 Microsoft 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more 2024-11-21 N/A 8.8 HIGH
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability