Total
4422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4181 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.
|
|||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
|
|||||
| CVE-2009-5151 | 1 Absolute | 1 Computrace Agent | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes.
|
|||||
| CVE-2009-5150 | 1 Absolute | 1 Computrace Agent | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
Absolute Computrace Agent V80.845 and V80.866 do not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted.
|
|||||
| CVE-2024-33027 | 1 Qualcomm | 180 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 177 more | 2024-11-20 | N/A | 7.8 HIGH |
|
Memory corruption can occur when an arbitrary user-space app gains kernel-level privilege to modify DDR memory by corrupting the GPU page table.
|
|||||
| CVE-2024-39609 | 1 Intel | 2 Server Board M70klp2sb, Server Board M70klp2sb Firmware | 2024-11-19 | N/A | 6.7 MEDIUM |
|
Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-11211 | 1 Eyoucms | 1 Eyoucms | 2024-11-19 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2021-3987 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | N/A | 4.3 MEDIUM |
|
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
|
|||||
| CVE-2024-11214 | 1 Mayurik | 1 Best Employee Management System | 2024-11-19 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes.
|
|||||
| CVE-2024-43530 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2024-11-19 | N/A | 7.8 HIGH |
|
Windows Update Stack Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49049 | 1 Microsoft | 1 Remote Ssh | 2024-11-18 | N/A | 7.1 HIGH |
|
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-10993 | 1 Codezips | 1 Online Institute Management System | 2024-11-18 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10994 | 1 Codezips | 1 Online Institute Management System | 2024-11-18 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-49044 | 1 Microsoft | 1 Visual Studio 2022 | 2024-11-16 | N/A | 6.7 MEDIUM |
|
Visual Studio Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-29077 | | | 2024-11-15 | N/A | 6.7 MEDIUM |
|
Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-27200 | | | 2024-11-15 | N/A | 4.4 MEDIUM |
|
Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-32044 | | | 2024-11-15 | N/A | 6.8 MEDIUM |
|
Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
|
|||||
| CVE-2024-39285 | | | 2024-11-15 | N/A | 5.3 MEDIUM |
|
Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access.
|
|||||
| CVE-2024-29085 | | | 2024-11-15 | N/A | 5.5 MEDIUM |
|
Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
|
|||||
| CVE-2024-34022 | | | 2024-11-15 | N/A | 6.7 MEDIUM |
|
Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-11054 | 1 Oretnom23 | 1 Simple Music Cloud Community System | 2024-11-14 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-50558 | 1 Siemens | 52 Ruggedcom Rm1224 Lte(4g) Eu, Ruggedcom Rm1224 Lte(4g) Eu Firmware, Ruggedcom Rm1224 Lte(4g) Nam and 49 more | 2024-11-13 | N/A | 4.3 MEDIUM |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA ...
|
|||||
| CVE-2024-50353 | 1 Iowacomputergurus | 1 Aspnetcore.utilities.cloudstorage | 2024-11-13 | N/A | 5.3 MEDIUM |
|
ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS URI with a value other than 1 hour may have generated a URL with a duration that is longer or shorter than desired. Users who have not implemented SAS URIs are unaffected. This issue was resolved in version 8.0.0 of the library.
|
|||||
| CVE-2024-45397 | 1 Dena | 1 H2o | 2024-11-12 | N/A | 7.5 HIGH |
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerabili ...
|
|||||
| CVE-2024-9576 | 1 Workbooth Project | 1 Workbooth | 2024-11-12 | N/A | 7.8 HIGH |
|
Vulnerability in Distro Linux Workbooth v2.5 that allows escalation of privileges to the root user by manipulating the network configuration script.
|
|||||
| CVE-2024-10916 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-51988 | | | 2024-11-08 | N/A | 6.5 MEDIUM |
|
RabbitMQ is a feature-rich, multi-protocol messaging and streaming broker. In affected versions, queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. valid credentials, 2. some permissions for the target virtual host, and 3. HTTP API access, could delete queues they had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source rabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of ...
|
|||||
| CVE-2023-29121 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 8.8 HIGH |
|
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
|
|||||
| CVE-2023-29115 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 6.5 MEDIUM |
|
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
|
|||||
| CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2024-11-08 | N/A | 6.5 MEDIUM |
|
Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2024-7429 | 1 Katieseaborn | 1 Zotpress | 2024-11-08 | N/A | 4.3 MEDIUM |
|
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings.
|
|||||
| CVE-2024-10766 | 1 Codezips | 1 Free Exam Hall Seating Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names.
|
|||||
| CVE-2024-10765 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10764 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-39772 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-01 | N/A | 5.3 MEDIUM |
|
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
|
|||||
| CVE-2024-7424 | | | 2024-11-01 | N/A | 5.4 MEDIUM |
|
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use, resulting in subscribers being able to upload CSV files and view the contents of MPG projects.
|
|||||
| CVE-2024-47481 | 1 Dell | 1 Data Lakehouse | 2024-10-31 | N/A | 6.5 MEDIUM |
|
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.
|
|||||
| CVE-2024-10353 | 1 Oretnom23 | 1 Online Exam System | 2024-10-30 | 6.5 MEDIUM | 7.2 HIGH |
|
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480.
|
|||||
| CVE-2024-48925 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | N/A | 6.5 MEDIUM |
|
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.
|
|||||
| CVE-2024-9692 | | | 2024-10-25 | N/A | N/A |
|
VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations.
|
|||||