Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2476 | 1 Syscp Project | 1 Syscp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.
|
|||||
| CVE-2010-2473 | 1 Drupal | 1 Drupal | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
|
|||||
| CVE-2010-2449 | 1 Gource | 1 Gource | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.
|
|||||
| CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
gitolite before 1.4.1 does not filter src/ or hooks/ from path names.
|
|||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Rbot Reaction plugin allows command execution
|
|||||
| CVE-2010-2243 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
|
|||||
| CVE-2010-2061 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
|
|||||
| CVE-2010-1678 | 1 Osgeo | 1 Mapserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
|
|||||
| CVE-2010-0748 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
|
|||||
| CVE-2009-5158 | 1 Sumo | 1 Google Analyticator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.
|
|||||
| CVE-2009-5050 | 1 Konversation | 1 Konversation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
konversation before 1.2.3 allows attackers to cause a denial of service.
|
|||||
| CVE-2009-5004 | 1 Apache | 1 Qpid-cpp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use.
|
|||||
| CVE-2009-3614 | 2 Debian, Noping | 2 Debian Linux, Liboping | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
liboping 1.3.2 allows users to read arbitrary files on the local system.
|
|||||
| CVE-2007-6763 | 1 Sas | 1 Sas Drug Development | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
|
|||||
| CVE-2005-4890 | 3 Debian, Redhat, Sudo Project | 4 Debian Linux, Shadow, Enterprise Linux and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
|
|||||
| CVE-2002-2444 | 1 Snoopy Project | 1 Snoopy | 2024-11-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Snoopy before 2.0.0 has a security hole in exec cURL
|
|||||
| CVE-2024-41167 | 1 Intel | 2 M10jnp2sb, M10jnp2sb Firmware | 2024-11-19 | N/A | 6.7 MEDIUM |
|
Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-34752 | | | 2024-11-18 | N/A | 6.7 MEDIUM |
|
A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute command ...
|
|||||
| CVE-2024-0793 | | | 2024-11-18 | N/A | 7.7 HIGH |
|
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
|
|||||
| CVE-2024-49033 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-16 | N/A | 7.5 HIGH |
|
Microsoft Word Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-21949 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 5.5 MEDIUM |
|
Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.
|
|||||
| CVE-2024-21974 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 7.8 HIGH |
|
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
|
|||||
| CVE-2024-21975 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 7.8 HIGH |
|
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
|
|||||
| CVE-2024-33611 | | | 2024-11-15 | N/A | 3.4 LOW |
|
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2024-33624 | | | 2024-11-15 | N/A | 4.3 MEDIUM |
|
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access.
|
|||||
| CVE-2024-39811 | | | 2024-11-15 | N/A | 6.3 MEDIUM |
|
Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-36282 | | | 2024-11-15 | N/A | 8.2 HIGH |
|
Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-31158 | | | 2024-11-15 | N/A | 7.5 HIGH |
|
Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-32048 | | | 2024-11-15 | N/A | 6.5 MEDIUM |
|
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2024-28028 | | | 2024-11-15 | N/A | 7.5 HIGH |
|
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
|
|||||
| CVE-2024-36284 | | | 2024-11-15 | N/A | 5.5 MEDIUM |
|
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
|
|||||
| CVE-2024-24984 | | | 2024-11-15 | N/A | 6.5 MEDIUM |
|
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2024-31154 | | | 2024-11-15 | N/A | 7.5 HIGH |
|
Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-2232 | | | 2024-11-15 | N/A | 7.5 HIGH |
|
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.
|
|||||
| CVE-2024-49774 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | N/A | 7.2 HIGH |
|
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and check the resulting AST against blacklists, but it doesn't take into account all scenarios. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. ...
|
|||||
| CVE-2024-50333 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | N/A | 8.8 HIGH |
|
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-50557 | 1 Siemens | 52 Ruggedcom Rm1224 Lte(4g) Eu, Ruggedcom Rm1224 Lte(4g) Eu Firmware, Ruggedcom Rm1224 Lte(4g) Nam and 49 more | 2024-11-13 | N/A | 9.8 CRITICAL |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA ...
|
|||||
| CVE-2024-10944 | | | 2024-11-13 | N/A | 8.4 HIGH |
|
A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed.
|
|||||
| CVE-2024-8936 | | | 2024-11-13 | N/A | 6.5 MEDIUM |
|
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory.
|
|||||
| CVE-2024-37365 | | | 2024-11-12 | N/A | 7.3 HIGH |
|
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.
|
|||||