Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39353 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 2.7 LOW |
|
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.
|
|||||
| CVE-2024-39322 | 1 Aimeos Project | 1 Ai-controller-frontend | 2024-11-21 | N/A | 5.5 MEDIUM |
|
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
|
|||||
| CVE-2024-39202 | 1 Dlink | 2 Dir-823x Ax3000, Dir-823x Ax3000 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.
|
|||||
| CVE-2024-39028 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
|
|||||
| CVE-2024-38662 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Allow delete from sockmap/sockhash only if update is allowed
We have seen an influx of syzkaller reports where a BPF program attached to
a tracepoint triggers a locking rule violation by performing a map_delete
on a sockmap/sockhash.
We don't intend to support this artificial use scenario. Extend the
existing verifier allowed-program-type check for updating sockmap/sockhash
to also cover deleting from a map.
From now on ...
|
|||||
| CVE-2024-38590 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Modify the print level of CQE error
Too much print may lead to a panic in kernel. Change ibdev_err() to
ibdev_err_ratelimited(), and change the printing level of cqe dump
to debug level.
|
|||||
| CVE-2024-38462 | 1 Irods | 1 Irods | 2024-11-21 | N/A | 9.8 CRITICAL |
|
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.
|
|||||
| CVE-2024-38368 | 1 Cocoapods | 1 Trunk.cocoapods.org | 2024-11-21 | N/A | 9.3 CRITICAL |
|
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all owners removed from a pod, and that made the pod available for the same claiming system. This was patched server-side in commit 71be5440906b6bdfbc0bcc7f8a9fec33367ea0f4 in September 2023.
|
|||||
| CVE-2024-38301 | 1 Dell | 1 Alienware Command Center | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
|
|||||
| CVE-2024-38295 | 1 Alcasar | 1 Alcasar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
ALCASAR before 3.6.1 allows still_connected.php remote code execution.
|
|||||
| CVE-2024-38294 | 1 Alcasar | 1 Alcasar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.
|
|||||
| CVE-2024-38257 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft AllJoyn API Information Disclosure Vulnerability
|
|||||
| CVE-2024-38187 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38186 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38185 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38184 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38156 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-38140 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38105 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
|
|||||
| CVE-2024-38103 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-38102 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
|
|||||
| CVE-2024-38101 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
|
|||||
| CVE-2024-38099 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
|
|||||
| CVE-2024-38095 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.5 HIGH |
|
.NET and Visual Studio Denial of Service Vulnerability
|
|||||
| CVE-2024-38093 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-38092 | 1 Microsoft | 1 Azure Cyclecloud | 2024-11-21 | N/A | 8.8 HIGH |
|
Azure CycleCloud Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38091 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft WS-Discovery Denial of Service Vulnerability
|
|||||
| CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Microsoft Defender for IoT Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38088 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38087 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38086 | 1 Microsoft | 1 Azure Kinect Software Development Kit | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Azure Kinect SDK Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38085 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Graphics Component Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38083 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-38082 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-38081 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2022 and 13 more | 2024-11-21 | N/A | 7.3 HIGH |
|
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38079 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Graphics Component Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38078 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 | 2024-11-21 | N/A | 7.5 HIGH |
|
Xbox Wireless Adapter Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38077 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38076 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38074 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
|
|||||