Total
29509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-37974 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-37973 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-37972 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-37971 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-37970 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-37969 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-37952 | 1 Themeenergy | 1 Book Your Travel | 2024-11-21 | N/A | 8.8 HIGH |
Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17. | |||||
CVE-2024-37887 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1. | |||||
CVE-2024-37884 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3. | |||||
CVE-2024-37883 | 1 Nextcloud | 1 Deck | 2024-11-21 | N/A | 4.3 MEDIUM |
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1. | |||||
CVE-2024-37769 | 1 B1ackc4t | 1 14finger | 2024-11-21 | N/A | 8.8 HIGH |
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. | |||||
CVE-2024-37768 | 1 B1ackc4t | 1 14finger | 2024-11-21 | N/A | 9.1 CRITICAL |
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | |||||
CVE-2024-37455 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2024-11-21 | N/A | 8.8 HIGH |
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. | |||||
CVE-2024-37391 | 2 Microsoft, Proton | 2 Windows, Protonvpn | 2024-11-21 | N/A | 7.8 HIGH |
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. | |||||
CVE-2024-37370 | 1 Mit | 1 Kerberos 5 | 2024-11-21 | N/A | 7.5 HIGH |
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. | |||||
CVE-2024-37346 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 4.9 MEDIUM |
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high. | |||||
CVE-2024-37336 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
CVE-2024-37334 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2024-11-21 | N/A | 8.8 HIGH |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
CVE-2024-37333 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
CVE-2024-37332 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |