Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7980 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | N/A | 7.8 HIGH |
|
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
|
|||||
| CVE-2024-41849 | 1 Adobe | 1 Experience Manager | 2024-08-26 | N/A | 4.1 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.
|
|||||
| CVE-2024-45258 | 2024-08-26 | N/A | 9.8 CRITICAL | ||
|
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.
|
|||||
| CVE-2024-41976 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-08-23 | N/A | 8.8 HIGH |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANC ...
Show More |
|||||
| CVE-2020-11850 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-23 | N/A | 6.1 MEDIUM |
|
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
|
|||||
| CVE-2024-7977 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-22 | N/A | 7.8 HIGH |
|
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
|
|||||
| CVE-2024-25009 | 2024-08-20 | N/A | 6.5 MEDIUM | ||
|
Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation.
|
|||||
| CVE-2024-25008 | 2024-08-19 | N/A | 6.8 MEDIUM | ||
|
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability.
|
|||||
| CVE-2024-43373 | 2 J4k0xb, Microsoft | 2 Webcrack, Windows | 2024-08-16 | N/A | 7.8 HIGH |
|
webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to writ ...
Show More |
|||||
| CVE-2024-38196 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-15 | N/A | 7.8 HIGH |
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38201 | 1 Microsoft | 1 Azure Stack Hub | 2024-08-15 | N/A | 7.0 HIGH |
|
Azure Stack Hub Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-37373 | 1 Ivanti | 1 Avalanche | 2024-08-15 | N/A | 7.2 HIGH |
|
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
|
|||||
| CVE-2024-34118 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
|
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-7515 | 2024-08-15 | N/A | N/A | ||
|
CVE-2024-7515 IMPACT
A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.
|
|||||
| CVE-2024-7507 | 2024-08-15 | N/A | N/A | ||
|
CVE-2024-7507 IMPACT
A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.
|
|||||
| CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
|
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
|
|||||
| CVE-2024-21810 | 2024-08-14 | N/A | 8.8 HIGH | ||
|
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | N/A | 7.8 HIGH |
|
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.
|
|||||
| CVE-2017-3772 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | N/A | 5.5 MEDIUM |
|
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.
|
|||||
| CVE-2024-40721 | 1 Changingtec | 1 Tcb Servisign | 2024-08-09 | N/A | 8.8 HIGH |
|
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.
|
|||||
| CVE-2024-40720 | 1 Changingtec | 1 Tcb Servisign | 2024-08-09 | N/A | 8.8 HIGH |
|
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.
|
|||||
| CVE-2024-23483 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 9.8 CRITICAL |
|
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.
|
|||||
| CVE-2024-7005 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 4.3 MEDIUM |
|
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
|
|||||
| CVE-2024-6915 | 2024-08-06 | N/A | 9.3 CRITICAL | ||
|
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.
|
|||||
| CVE-2008-2007 | 2023-11-07 | N/A | N/A | ||
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1035. Reason: This candidate is a reservation duplicate of CVE-2008-1035. Notes: All CVE users should reference CVE-2008-1035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
|
|||||
| CVE-2007-6449 | 2023-11-07 | N/A | N/A | ||
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6121. Reason: This candidate is a duplicate of CVE-2007-6121. Notes: All CVE users should reference CVE-2007-6121 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
|
|||||
| CVE-2007-6448 | 2023-11-07 | N/A | N/A | ||
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
|
|||||
| CVE-2007-6445 | 2023-11-07 | N/A | N/A | ||
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6117. Reason: This candidate is a duplicate of CVE-2007-6117. Notes: All CVE users should reference CVE-2007-6117 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
|
|||||
| CVE-2007-6444 | 2023-11-07 | N/A | N/A | ||
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113, Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
|
|||||