Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49087 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 4.6 MEDIUM |
|
Windows Mobile Broadband Driver Information Disclosure Vulnerability
|
|||||
| CVE-2024-49085 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-01-08 | N/A | 8.8 HIGH |
|
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-2961 | 1 Advancemame | 1 Advancecomp | 2025-01-07 | N/A | 3.3 LOW |
|
A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.
|
|||||
| CVE-2023-23583 | 3 Debian, Intel, Netapp | 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more | 2025-01-07 | N/A | 8.8 HIGH |
|
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
|
|||||
| CVE-2024-21442 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2025-01-07 | N/A | 7.8 HIGH |
|
Windows USB Print Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21259 | 1 Oracle | 1 Vm Virtualbox | 2025-01-07 | N/A | 7.5 HIGH |
|
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulne ...
Show More |
|||||
| CVE-2024-28906 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28908 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28909 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28910 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28911 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28912 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28913 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28914 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28915 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28917 | 1 Microsoft | 7 Azure Arc Extension Microsoft.azstackhci.operator, Azure Arc Extension Microsoft.azure.hybridnetwork, Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider and 4 more | 2025-01-07 | N/A | 6.2 MEDIUM |
|
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
|
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
|
|||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
|
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
|
|||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
|
|||||
| CVE-2023-2589 | 1 Gitlab | 1 Gitlab | 2025-01-07 | N/A | 5.9 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.
|
|||||
| CVE-2023-2013 | 1 Gitlab | 1 Gitlab | 2025-01-07 | N/A | 2.6 LOW |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
|
|||||
| CVE-2023-2001 | 1 Gitlab | 1 Gitlab | 2025-01-07 | N/A | 4.3 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.
|
|||||
| CVE-2022-31693 | 2 Microsoft, Vmware | 2 Windows, Tools | 2025-01-07 | N/A | 5.5 MEDIUM |
|
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
|
|||||
| CVE-2024-43577 | 1 Microsoft | 1 Edge Chromium | 2025-01-07 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-43416 | 1 Glpi-project | 1 Glpi | 2025-01-07 | N/A | 7.5 HIGH |
|
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.
|
|||||
| CVE-2024-37147 | 1 Glpi-project | 1 Glpi | 2025-01-07 | N/A | 4.3 MEDIUM |
|
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.
|
|||||
| CVE-2024-52001 | 1 Combodo | 1 Itop | 2025-01-07 | N/A | 4.3 MEDIUM |
|
Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-49056 | 1 Microsoft | 1 Airlift Microsoft Com | 2025-01-07 | N/A | 7.3 HIGH |
|
Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2024-43613 | 1 Microsoft | 1 Azure Database For Postgresql Flexible Server | 2025-01-07 | N/A | 7.2 HIGH |
|
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49042 | 1 Microsoft | 1 Azure Database For Postgresql Flexible Server | 2025-01-07 | N/A | 7.2 HIGH |
|
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49025 | 1 Microsoft | 1 Edge Chromium | 2025-01-07 | N/A | 5.4 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-37980 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft SQL Server Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43474 | 1 Microsoft | 2 Sql Server 2017, Sql Server 2019 | 2025-01-07 | N/A | 7.6 HIGH |
|
Microsoft SQL Server Information Disclosure Vulnerability
|
|||||
| CVE-2023-38946 | 1 Multilaser | 2 Re160, Re160 Firmware | 2025-01-07 | N/A | 8.8 HIGH |
|
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie.
|
|||||
| CVE-2023-33781 | 1 Dlink | 2 Dir-842v2, Dir-842v2 Firmware | 2025-01-07 | N/A | 8.8 HIGH |
|
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.
|
|||||
| CVE-2023-33604 | 1 Imperial Cms Project | 1 Imperial Cms | 2025-01-07 | N/A | 9.1 CRITICAL |
|
Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request.
|
|||||
| CVE-2023-25174 | 1 Intel | 1 Chipset Device Software | 2025-01-07 | N/A | 6.7 MEDIUM |
|
Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-28739 | 1 Intel | 1 Chipset Device Software | 2025-01-07 | N/A | 6.7 MEDIUM |
|
Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-48755 | 1 Linux | 1 Linux Kernel | 2025-01-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
Johan reported the below crash with test_bpf on ppc64 e5500:
test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -> 0x67452301 jited:1
Oops: Exception in kernel mode, sig: 4 [#1]
BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500
Modules linked in: test_bpf(+)
CPU: 0 PID: 76 Comm: insmod Not tainted 5.14.0-03771-g98c2059e008a-dirty #1
NIP: 8000000000061c ...
Show More |
|||||
| CVE-2022-48766 | 1 Linux | 1 Linux Kernel | 2025-01-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.
Mirrors the logic for dcn30. Cue lots of WARNs and some
kernel panics without this fix.
|
|||||