Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43571 | 1 Microsoft | 1 Windows 11 24h2 | 2024-10-16 | N/A | 7.3 HIGH |
|
Sudo for Windows Spoofing Vulnerability
|
|||||
| CVE-2024-43570 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-16 | N/A | 7.0 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43532 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-16 | N/A | 8.8 HIGH |
|
Remote Registry Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43537 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-16 | N/A | 6.5 MEDIUM |
|
Windows Mobile Broadband Driver Denial of Service Vulnerability
|
|||||
| CVE-2024-43536 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-16 | N/A | 6.8 MEDIUM |
|
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2024-43535 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-16 | N/A | 7.0 HIGH |
|
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43534 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-16 | N/A | 6.5 MEDIUM |
|
Windows Graphics Component Information Disclosure Vulnerability
|
|||||
| CVE-2024-43533 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-16 | N/A | 8.8 HIGH |
|
Remote Desktop Client Remote Code Execution Vulnerability
|
|||||
| CVE-2024-43529 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 5 more | 2024-10-16 | N/A | 7.3 HIGH |
|
Windows Print Spooler Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43528 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 7.8 HIGH |
|
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-10-16 | N/A | 7.8 HIGH |
|
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43585 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 5.5 MEDIUM |
|
Code Integrity Guard Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-43584 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-16 | N/A | 8.4 HIGH |
|
Windows Scripting Engine Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-43582 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 8.1 HIGH |
|
Remote Desktop Protocol Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-43481 | 1 Microsoft | 1 Power Bi Report Server | 2024-10-16 | N/A | 8.8 HIGH |
|
Power BI Report Server Spoofing Vulnerability
|
|||||
| CVE-2024-43780 | 1 Mattermost | 1 Mattermost Server | 2024-10-16 | N/A | 4.3 MEDIUM |
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.
|
|||||
| CVE-2024-42497 | 1 Mattermost | 1 Mattermost Server | 2024-10-16 | N/A | 4.9 MEDIUM |
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.
|
|||||
| CVE-2024-33066 | 1 Qualcomm | 142 Csr8811, Csr8811 Firmware, Immersive Home 214 Platform and 139 more | 2024-10-16 | N/A | 9.8 CRITICAL |
|
Memory corruption while redirecting log file to any file location with any file name.
|
|||||
| CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2024-10-16 | N/A | 7.1 HIGH |
|
Azure Monitor Agent Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38029 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-10-16 | N/A | 7.5 HIGH |
|
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
|
|||||
| CVE-2024-37976 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 6.7 MEDIUM |
|
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-37982 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 7.8 HIGH |
|
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-43697 | 1 Openatom | 1 Openharmony | 2024-10-16 | N/A | 5.5 MEDIUM |
|
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input.
|
|||||
| CVE-2024-37979 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-10-16 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-9596 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 5.3 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.
|
|||||
| CVE-2024-39412 | 1 Adobe | 2 Commerce, Magento | 2024-10-16 | N/A | 4.3 MEDIUM |
|
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2024-45148 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-16 | N/A | 8.8 HIGH |
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2024-37983 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 6.7 MEDIUM |
|
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-9471 | 1 Paloaltonetworks | 1 Pan-os | 2024-10-15 | N/A | 4.7 MEDIUM |
|
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should b ...
Show More |
|||||
| CVE-2024-46307 | 1 Sparkshop | 1 Sparkshop | 2024-10-15 | N/A | 7.5 HIGH |
|
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
|
|||||
| CVE-2024-7294 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 6.5 MEDIUM |
|
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
|
|||||
| CVE-2024-9519 | 1 Wpuserplus | 1 Userplus | 2024-10-15 | N/A | 7.2 HIGH |
|
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.
|
|||||
| CVE-2024-9518 | 1 Wpuserplus | 1 Userplus | 2024-10-15 | N/A | 9.8 CRITICAL |
|
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
|
|||||
| CVE-2024-45135 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 2.7 LOW |
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2024-45134 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 2.7 LOW |
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2024-45129 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 4.3 MEDIUM |
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2024-45130 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 4.3 MEDIUM |
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2024-45124 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 5.3 MEDIUM |
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2024-48942 | 1 Syracom | 1 Secure Login | 2024-10-11 | N/A | 5.9 MEDIUM |
|
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid.
|
|||||
| CVE-2024-48941 | 1 Syracom | 1 Secure Login | 2024-10-11 | N/A | 5.4 MEDIUM |
|
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.
|
|||||