Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25562 | 1 Intel | 2 Distribution For Gdb, Oneapi Base Toolkit | 2024-08-31 | N/A | 6.6 MEDIUM |
|
Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2024-24973 | 1 Intel | 2 Distribution For Gdb, Oneapi Base Toolkit | 2024-08-31 | N/A | 3.3 LOW |
|
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2024-42339 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 4.3 MEDIUM |
|
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
|
|||||
| CVE-2024-8182 | 1 Flowiseai | 1 Flowise | 2024-08-30 | N/A | 7.5 HIGH |
|
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.
|
|||||
| CVE-2024-42467 | 1 Openhab | 1 Openhab Web Interface | 2024-08-29 | N/A | 10.0 CRITICAL |
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery (SSRF) to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network. Furthermore, this proxy-feature can also be exploited as a Cross-Site Scripting (XSS) v ...
Show More |
|||||
| CVE-2024-7610 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 6.5 MEDIUM |
|
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.
|
|||||
| CVE-2024-7554 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 6.5 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.
|
|||||
| CVE-2024-5423 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 6.5 MEDIUM |
|
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.
|
|||||
| CVE-2024-7851 | 1 Oretnom23 | 1 Yoga Class Registration System | 2024-08-29 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-42493 | 1 Dorsettcontrols | 1 Infoscan | 2024-08-29 | N/A | 5.3 MEDIUM |
|
Dorsett Controls InfoScan is vulnerable due to a leak of possible
sensitive information through the response headers and the rendered
JavaScript prior to user login.
|
|||||
| CVE-2024-39287 | 1 Dorsettcontrols | 1 Infoscan | 2024-08-29 | N/A | 7.5 HIGH |
|
Dorsett Controls Central Server update server has potential information
leaks with an unprotected file that contains passwords and API keys.
|
|||||
| CVE-2024-42440 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Workplace Desktop | 2024-08-28 | N/A | 6.7 MEDIUM |
|
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
|
|||||
| CVE-2024-43472 | 1 Microsoft | 1 Edge Chromium | 2024-08-28 | N/A | 8.3 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-6978 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 8.8 HIGH |
|
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
|
|||||
| CVE-2024-44942 | 1 Linux | 1 Linux Kernel | 2024-08-27 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
syzbot reports a f2fs bug as below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/inline.c:258!
CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0
RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258
Call Trace:
f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834
f2fs_write_cache_ ...
Show More |
|||||
| CVE-2024-6973 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 8.8 HIGH |
|
Remote Code Execution in Cato Windows SDP client via crafted URLs.
This issue affects Windows SDP Client before 5.10.34.
|
|||||
| CVE-2024-7972 | 1 Google | 1 Chrome | 2024-08-26 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-41849 | 1 Adobe | 1 Experience Manager | 2024-08-26 | N/A | 4.1 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.
|
|||||
| CVE-2024-44382 | 1 Dlink | 2 Di 8004w, Di 8004w Firmware | 2024-08-26 | N/A | 9.8 CRITICAL |
|
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
|
|||||
| CVE-2024-44381 | 1 Dlink | 2 Di 8004w, Di 8004w Firmware | 2024-08-26 | N/A | 9.8 CRITICAL |
|
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
|
|||||
| CVE-2024-24580 | 1 Intel | 4 Data Center Gpu Max 1100, Data Center Gpu Max 1100 Firmware, Data Center Gpu Max 1550 and 1 more | 2024-08-23 | N/A | 5.5 MEDIUM |
|
Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2024-41976 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-08-23 | N/A | 8.8 HIGH |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANC ...
Show More |
|||||
| CVE-2024-20451 | 1 Cisco | 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more | 2024-08-23 | N/A | 7.5 HIGH |
|
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.
These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could ...
Show More |
|||||
| CVE-2020-11846 | 1 Microfocus | 1 Netiq Privileged Access Manager | 2024-08-23 | N/A | 7.5 HIGH |
|
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
|
|||||
| CVE-2023-22576 | 1 Dell | 1 Repository Manager | 2024-08-23 | N/A | 7.8 HIGH |
|
Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.
|
|||||
| CVE-2024-4210 | 1 Gitlab | 1 Gitlab | 2024-08-23 | N/A | 6.5 MEDIUM |
|
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files.
|
|||||
| CVE-2024-39810 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 4.9 MEDIUM |
|
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.
|
|||||
| CVE-2024-39836 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 6.5 MEDIUM |
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.
|
|||||
| CVE-2024-7328 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-42396 | 1 Hp | 1 Instantos | 2024-08-23 | N/A | 5.3 MEDIUM |
|
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
|
|||||
| CVE-2024-42400 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-23 | N/A | 5.3 MEDIUM |
|
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
|
|||||
| CVE-2024-29977 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 4.3 MEDIUM |
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
|
|||||
| CVE-2024-36492 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 6.4 MEDIUM |
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user.
|
|||||
| CVE-2024-39274 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 6.5 MEDIUM |
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels
|
|||||
| CVE-2024-39777 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 9.6 CRITICAL |
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local channel will then become shared without the consent of the local admin.
|
|||||
| CVE-2022-48926 | 1 Linux | 1 Linux Kernel | 2024-08-23 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: add spinlock for rndis response list
There's no lock for rndis response list. It could cause list corruption
if there're two different list_add at the same time like below.
It's better to add in rndis_add_response / rndis_free_response
/ rndis_get_next_response to prevent any race condition on response list.
[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.
next->prev should be prev (ffffff8065 ...
Show More |
|||||
| CVE-2024-7977 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-22 | N/A | 7.8 HIGH |
|
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
|
|||||
| CVE-2022-48943 | 1 Linux | 1 Linux Kernel | 2024-08-22 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: make apf token non-zero to fix bug
In current async pagefault logic, when a page is ready, KVM relies on
kvm_arch_can_dequeue_async_page_present() to determine whether to deliver
a READY event to the Guest. This function test token value of struct
kvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a
READY event is finished by Guest. If value is zero meaning that a READY
event is done, so the K ...
Show More |
|||||
| CVE-2024-41332 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2024-08-21 | N/A | 6.5 MEDIUM |
|
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
|
|||||
| CVE-2024-43380 | 1 Floraison | 1 Fugit | 2024-08-21 | N/A | 7.5 HIGH |
|
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.
|
|||||