Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-37339 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-38221 | 1 Microsoft | 1 Edge Chromium | 2024-09-23 | N/A | 4.3 MEDIUM | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-43489 | 1 Microsoft | 1 Edge Chromium | 2024-09-23 | N/A | 8.8 HIGH | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43496 | 1 Microsoft | 1 Edge Chromium | 2024-09-23 | N/A | 8.8 HIGH | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-37340 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37338 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37337 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 4.3 MEDIUM | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37335 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-26191 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-26186 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37341 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 9.8 CRITICAL | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-37342 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 4.3 MEDIUM | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-30073 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-09-23 | N/A | 7.8 HIGH | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
| CVE-2024-28170 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 5.5 MEDIUM | Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-46680 | 1 Linux | 1 Linux Kernel | 2024-09-23 | N/A | 5.5 MEDIUM | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver. This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations: 1) modprobe btnxpuart; 2) hciconfig hci0 reset; 3) hciconfig (check hci0 interface up with valid BD address); 4) modprobe -r btnxpuart; repeat steps 1 to 4. The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(), which gets ... |
| CVE-2024-32940 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 5.7 MEDIUM | Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-34543 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 7.8 HIGH | Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36261 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 5.7 MEDIUM | Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-36247 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 5.7 MEDIUM | Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-34545 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 5.7 MEDIUM | Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. |
| CVE-2024-28799 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | N/A | 7.5 HIGH | IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non-default configurations, during back-end commands, which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. |
| CVE-2024-45595 | 1 Man | 1 D-tale | 2024-09-20 | N/A | 9.8 CRITICAL | D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1, where the "Custom Filter" input is turned off by default. |
| CVE-2024-36511 | 1 Fortinet | 1 Fortiadc | 2024-09-20 | N/A | 3.7 LOW | An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions, when cookie security policy is enabled, may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature. |
| CVE-2024-21416 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-09-20 | N/A | 9.8 CRITICAL | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-46938 | 1 Sitecore | 3 Experience Commerce, Experience Manager, Experience Platform | 2024-09-20 | N/A | 7.5 HIGH | An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. |
| CVE-2024-46801 | 1 Linux | 1 Linux Kernel | 2024-09-20 | N/A | 5.5 MEDIUM | In the Linux kernel, the following vulnerability has been resolved: libfs: fix get_stashed_dentry(). get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location. It needs to ensure it holds the rcu lock before it dereferences the stashed location, to prevent UAF issues. Use rcu_dereference() instead of READ_ONCE(); it's effectively equivalent, with some lockdep bells and whistles, and it communicates clearly that this expects rcu protection. |
| CVE-2024-45590 | 1 Openjsf | 1 Body-parser | 2024-09-20 | N/A | 7.5 HIGH | body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3. |
| CVE-2024-45407 | 1 Lizardbyte | 1 Sunshine | 2024-09-20 | N/A | 5.3 MEDIUM | Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertently allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker. |
| CVE-2024-46690 | 1 Linux | 1 Linux Kernel | 2024-09-20 | N/A | 5.5 MEDIUM | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease. It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict() tests fl_lmops but largely ignores the result and assumes that flc_owner is an nfs4_delegation anyway. This is wrong. With this patch we restore the "!= &nfsd_lease_mng_ops" case to behave as it did before the chang ... |
| CVE-2024-6796 | 1 Baxter | 1 Connex Health Portal | 2024-09-20 | N/A | 9.1 CRITICAL | In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content. |
| CVE-2024-8780 | 1 Syscomgo | 1 Omflow | 2024-09-20 | N/A | 6.5 MEDIUM | OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users. |
| CVE-2024-1578 | 1 Rfideas | 4 Micard Plus Ble, Micard Plus Ble Firmware, Micard Plus Ci and 1 more | 2024-09-20 | N/A | 5.3 MEDIUM | The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the ... |
| CVE-2024-41958 | 1 Mailcow | 1 Mailcow\ | 2024-09-20 | N/A | 7.2 HIGH | mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwise secured with 2FA. To exploit this vulnerability, the attacker must first have access to an account within the system and possess the credentials of the target account that has 2FA enabled. By levera ... |
| CVE-2024-45040 | 1 Consensys | 1 Gnark-crypto | 2024-09-20 | N/A | 5.9 MEDIUM | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs: in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to ... |
| CVE-2024-45039 | 1 Consensys | 1 Gnark-crypto | 2024-09-20 | N/A | 6.2 MEDIUM | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue: in case of multiple commitments used inside the circuit, the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, this could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost t ... |
| CVE-2022-4100 | 1 Wpcerber | 1 Cerber Security Antispam & Malware Scan | 2024-09-20 | N/A | 5.3 MEDIUM | The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including, 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP address that hasn't been blocked. |
| CVE-2024-38210 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | N/A | 7.8 HIGH | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-38209 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | N/A | 7.8 HIGH | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-3679 | 1 Squirrly | 1 Wp Seo Plugin | 2024-09-19 | N/A | 7.5 HIGH | The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data. |
| CVE-2024-7553 | 2 Microsoft, Mongodb | 24 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 21 more | 2024-09-19 | N/A | 7.8 HIGH | Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to ... |