Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46681 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
pktgen: use cpus_read_lock() in pg_net_init()
I have seen the WARN_ON(smp_processor_id() != cpu) firing
in pktgen_thread_worker() during tests.
We must use cpus_read_lock()/cpus_read_unlock()
around the for_each_online_cpu(cpu) loop.
While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.
|
|||||
| CVE-2024-46706 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
With "earlycon initcall_debug=1 loglevel=8" in bootargs, the kernel
sometimes hangs at boot. This is because the normal console is still not ready,
but runtime suspend is called, so the early console putchar will hang
waiting for TRDE to be set in UARTSTAT.
The lpuart driver has auto suspend delay set to 3000ms, but during
uart_add_one_port, a child device serial ctrl will be added and pro ...
|
|||||
| CVE-2024-6077 | 1 Rockwellautomation | 14 1756-en4, 1756-en4 Firmware, Compact Guardlogix 5380 Sil 2 and 11 more | 2024-09-19 | N/A | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
|
|||||
| CVE-2024-46703 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Revert "serial: 8250_omap: Set the console genpd always on if no console suspend"
This reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.
Kevin reported that this causes a crash during suspend on platforms that
don't use PM domains.
|
|||||
| CVE-2024-46704 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Fix spurious data race in __flush_work()
When flushing a work item for cancellation, __flush_work() knows that it
exclusively owns the work item through its PENDING bit. 134874e2eee9
("workqueue: Allow cancel_work_sync() and disable_work() from atomic
contexts on BH work items") added a read of @work->data to determine whether
to use busy wait for BH work items that are being canceled. While the read
is safe when @f ...
|
|||||
| CVE-2024-46708 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: qcom: x1e80100: Fix special pin offsets
Remove the erroneous 0x100000 offset to prevent the boards from crashing
on pin state setting, as well as for the intended state changes to take
effect.
|
|||||
| CVE-2024-46709 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix prime with external buffers
Make sure that for external buffers mapping goes through the dma_buf
interface instead of trying to access pages directly.
External buffers might not provide direct access to readable/writable
pages, so to make sure the bo's created from external dma_bufs can be
read, the dma_buf interface has to be used.
Fixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't
trigger thi ...
|
|||||
| CVE-2024-46712 | 1 Linux | 1 Linux Kernel | 2024-09-19 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Disable coherent dumb buffers without 3d
Coherent surfaces only make sense if the host renders to them using
accelerated apis. Without 3d the entire content of dumb buffers stays
in the guest making all of the extra work they're doing to synchronize
between guest and host useless.
Configurations without 3d also tend to run with very low graphics
memory limits. The pinned console fb, mob cursors and graphical login ...
|
|||||
| CVE-2024-7960 | 1 Rockwellautomation | 1 Pavilion8 | 2024-09-19 | N/A | 9.1 CRITICAL |
|
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
|
|||||
| CVE-2024-8306 | 1 Schneider-electric | 2 Vijeo Designer, Vijeo Designer Embedded In Ecostruxure Machine Expert | 2024-09-18 | N/A | 7.8 HIGH |
|
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized
access, loss of confidentiality, integrity and availability of the workstation when a non-admin
authenticated user tries to perform privilege escalation by tampering with the binaries.
|
|||||
| CVE-2024-38483 | 1 Dell | 82 Embedded Box Pc 5000, Embedded Box Pc 5000 Firmware, Latitude 12 Rugged Extreme 7214 and 79 more | 2024-09-18 | N/A | 6.7 MEDIUM |
|
Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution.
|
|||||
| CVE-2024-38222 | 1 Microsoft | 1 Edge | 2024-09-18 | N/A | 6.5 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-43230 | 1 Sharedfilespro | 1 Shared Files | 2024-09-18 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files. This issue affects Shared Files: from n/a through 1.7.28.
|
|||||
| CVE-2023-37234 | 1 Loftware | 1 Spectrum | 2024-09-18 | N/A | 9.8 CRITICAL |
|
Loftware Spectrum through 4.6 has an unprotected JMX Registry.
|
|||||
| CVE-2023-37232 | 1 Loftware | 1 Spectrum | 2024-09-18 | N/A | 7.5 HIGH |
|
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.
|
|||||
| CVE-2024-37995 | 1 Siemens | 54 Simatic Reader Rf610r Cmiit, Simatic Reader Rf610r Cmiit Firmware, Simatic Reader Rf610r Etsi and 51 more | 2024-09-18 | N/A | 9.1 CRITICAL |
|
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811 ...
|
|||||
| CVE-2024-37993 | 1 Siemens | 54 Simatic Reader Rf610r Cmiit, Simatic Reader Rf610r Cmiit Firmware, Simatic Reader Rf610r Etsi and 51 more | 2024-09-18 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811 ...
|
|||||
| CVE-2024-37992 | 1 Siemens | 54 Simatic Reader Rf610r Cmiit, Simatic Reader Rf610r Cmiit Firmware, Simatic Reader Rf610r Etsi and 51 more | 2024-09-18 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811 ...
|
|||||
| CVE-2024-8269 | 1 Inspireui | 1 Mstore Api | 2024-09-18 | N/A | 6.5 MEDIUM |
|
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the register() function. This makes it possible for unauthenticated attackers to create user accounts on sites, even when user registration is disabled and plugin functionality is not activated.
|
|||||
| CVE-2024-38018 | 1 Microsoft | 1 Sharepoint Server | 2024-09-18 | N/A | 8.8 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38045 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-09-18 | N/A | 8.1 HIGH |
|
Windows TCP/IP Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38046 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-09-18 | N/A | 7.8 HIGH |
|
PowerShell Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43482 | 1 Microsoft | 1 Outlook | 2024-09-18 | N/A | 6.5 MEDIUM |
|
Microsoft Outlook for iOS Information Disclosure Vulnerability
|
|||||
| CVE-2024-43487 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 5 more | 2024-09-18 | N/A | 6.5 MEDIUM |
|
Windows Mark of the Web Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-43492 | 1 Microsoft | 1 Autoupdate | 2024-09-18 | N/A | 7.8 HIGH |
|
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43495 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2024-09-18 | N/A | 7.3 HIGH |
|
Windows libarchive Remote Code Execution Vulnerability
|
|||||
| CVE-2024-43251 | 1 Bitapps | 1 Bit Form | 2024-09-17 | N/A | 6.5 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro. This issue affects Bit Form Pro: from n/a through 2.6.4.
|
|||||
| CVE-2024-38188 | 1 Microsoft | 1 Azure Network Watcher Agent | 2024-09-17 | N/A | 7.1 HIGH |
|
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43470 | 1 Microsoft | 1 Azure Network Watcher Agent | 2024-09-17 | N/A | 7.3 HIGH |
|
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38119 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-09-17 | N/A | 7.5 HIGH |
|
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-09-17 | N/A | 9.9 CRITICAL |
|
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
|
|||||
| CVE-2024-38216 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-17 | N/A | 9.0 CRITICAL |
|
Azure Stack Hub Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38220 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-17 | N/A | 9.0 CRITICAL |
|
Azure Stack Hub Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38225 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-09-17 | N/A | 9.8 CRITICAL |
|
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38228 | 1 Microsoft | 1 Sharepoint Server | 2024-09-17 | N/A | 7.2 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38227 | 1 Microsoft | 1 Sharepoint Server | 2024-09-17 | N/A | 7.2 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38230 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-09-17 | N/A | 7.5 HIGH |
|
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
|
|||||
| CVE-2024-38231 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-17 | N/A | 7.5 HIGH |
|
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
|
|||||
| CVE-2024-38232 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-17 | N/A | 7.5 HIGH |
|
Windows Networking Denial of Service Vulnerability
|
|||||
| CVE-2024-38233 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-17 | N/A | 7.5 HIGH |
|
Windows Networking Denial of Service Vulnerability
|
|||||