Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36287 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-11-21 | N/A | 3.8 LOW |
|
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
|
|||||
| CVE-2024-36122 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 2.4 LOW |
|
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators fr ...
|
|||||
| CVE-2024-35776 | 1 Exeebit | 1 Phpinfo-wp | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP. This issue affects phpinfo() WP: from n/a through 5.0.
|
|||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation. This issue affects Userpro: from n/a through 5.1.8.
|
|||||
| CVE-2024-35682 | 1 Themeisle | 1 Otter Blocks | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO. This issue affects Otter Blocks PRO: from n/a through 2.6.11.
|
|||||
| CVE-2024-35272 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
|
|||||
| CVE-2024-35271 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
|
|||||
| CVE-2024-35270 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Windows iSCSI Service Denial of Service Vulnerability
|
|||||
| CVE-2024-35267 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 7.6 HIGH |
|
Azure DevOps Server Spoofing Vulnerability
|
|||||
| CVE-2024-35266 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 7.6 HIGH |
|
Azure DevOps Server Spoofing Vulnerability
|
|||||
| CVE-2024-35263 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
|
|||||
| CVE-2024-35261 | 1 Microsoft | 1 Azure Network Watcher Agent | 2024-11-21 | N/A | 7.8 HIGH |
|
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-35256 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
|
|||||
| CVE-2024-35178 | 2 Jupyter, Microsoft | 2 Jupyter Server, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker can perform an NTLM relay attack without cracking the credential to ...
|
|||||
| CVE-2024-34696 | 1 Geoserver | 1 Geoserver | 2024-11-21 | N/A | 4.5 MEDIUM |
|
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoS ...
|
|||||
| CVE-2024-34688 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 7.5 HIGH |
|
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application.
|
|||||
| CVE-2024-34684 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A | 3.7 LOW |
|
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.
|
|||||
| CVE-2024-34602 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34600 | 1 Samsung | 1 Flow | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.
|
|||||
| CVE-2024-34599 | 2 Google, Samsung | 2 Android, Tips | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows a local attacker to send a broadcast with Tips' privilege.
|
|||||
| CVE-2024-34597 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34594 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
|
|||||
| CVE-2024-34593 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34592 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34591 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34590 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34589 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34588 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34587 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-33700 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption.
|
|||||
| CVE-2024-33626 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the device's WiFi network.
|
|||||
| CVE-2024-33603 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
|
|||||
| CVE-2024-33001 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.5 MEDIUM |
|
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application.
|
|||||
| CVE-2024-32987 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft SharePoint Server Information Disclosure Vulnerability
|
|||||
| CVE-2024-32860 | 1 Dell | 44 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R11 and 41 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
|
|||||
| CVE-2024-32859 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
|
|||||
| CVE-2024-32858 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
|
|||||
| CVE-2024-32856 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
|
|||||
| CVE-2024-32167 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion: the picture-deletion function in the backend settings can be used to delete any file.
|
|||||
| CVE-2024-32007 | 1 Apache | 1 Cxf | 2024-11-21 | N/A | 7.5 HIGH |
|
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
|
|||||