Patch Tuesday — August 2024
2024-08-13 · 862 CVEs
CVEs published or modified the week of 2024-08-13, partitioned by vendor.
Microsoft (131 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38199 | Critical | 9.8 | — | 2024-08-13 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
CVE-2024-38140 | Critical | 9.8 | — | 2024-08-13 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
CVE-2024-38063 | Critical | 9.8 | — | 2024-08-13 | Windows TCP/IP Remote Code Execution Vulnerability |
CVE-2024-38108 | Critical | 9.3 | — | 2024-08-13 | Azure Stack Hub Spoofing Vulnerability |
CVE-2024-38160 | Critical | 9.1 | — | 2024-08-13 | Windows Network Virtualization Remote Code Execution Vulnerability |
CVE-2024-38159 | Critical | 9.1 | — | 2024-08-13 | Windows Network Virtualization Remote Code Execution Vulnerability |
CVE-2024-38109 | Critical | 9.1 | — | 2024-08-13 | An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. |
CVE-2024-38189 | High | 8.8 | KEV | 2024-08-13 | Microsoft Project Remote Code Execution Vulnerability |
CVE-2024-38180 | High | 8.8 | — | 2024-08-13 | Windows SmartScreen Security Feature Bypass Vulnerability |
CVE-2024-38154 | High | 8.8 | — | 2024-08-13 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38144 | High | 8.8 | — | 2024-08-13 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
CVE-2024-38131 | High | 8.8 | — | 2024-08-13 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
CVE-2024-38130 | High | 8.8 | — | 2024-08-13 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38128 | High | 8.8 | — | 2024-08-13 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38121 | High | 8.8 | — | 2024-08-13 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38120 | High | 8.8 | — | 2024-08-13 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38116 | High | 8.8 | — | 2024-08-13 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
CVE-2024-38115 | High | 8.8 | — | 2024-08-13 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
CVE-2024-38114 | High | 8.8 | — | 2024-08-13 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
CVE-2024-38218 | High | 8.4 | — | 2024-08-12 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
CVE-2024-38211 | High | 8.2 | — | 2024-08-13 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2024-29995 | High | 8.1 | — | 2024-08-13 | Windows Kerberos Elevation of Privilege Vulnerability |
CVE-2024-7263 | High | 7.8 | — | 2024-08-15 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. |
CVE-2024-7262 | High | 7.8 | KEV | 2024-08-15 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. |
CVE-2024-41856 | High | 7.8 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41853 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41852 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41851 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41850 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41840 | High | 7.8 | — | 2024-08-14 | Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41831 | High | 7.8 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41830 | High | 7.8 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39426 | High | 7.8 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory st… |
CVE-2024-39424 | High | 7.8 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39423 | High | 7.8 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39422 | High | 7.8 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39394 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39393 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2024-39391 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39390 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39389 | High | 7.8 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39388 | High | 7.8 | — | 2024-08-14 | Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39386 | High | 7.8 | — | 2024-08-14 | Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39383 | High | 7.8 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-34133 | High | 7.8 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-34117 | High | 7.8 | — | 2024-08-14 | Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41858 | High | 7.8 | — | 2024-08-14 | InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-38163 | High | 7.8 | — | 2024-08-14 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2024-38215 | High | 7.8 | — | 2024-08-13 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2024-38196 | High | 7.8 | — | 2024-08-13 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-38195 | High | 7.8 | — | 2024-08-13 | Azure CycleCloud Remote Code Execution Vulnerability |
CVE-2024-38193 | High | 7.8 | KEV | 2024-08-13 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2024-38191 | High | 7.8 | — | 2024-08-13 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
CVE-2024-38187 | High | 7.8 | — | 2024-08-13 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-38186 | High | 7.8 | — | 2024-08-13 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-38185 | High | 7.8 | — | 2024-08-13 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-38184 | High | 7.8 | — | 2024-08-13 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-38177 | High | 7.8 | — | 2024-08-13 | Windows App Installer Spoofing Vulnerability |
CVE-2024-38172 | High | 7.8 | — | 2024-08-13 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-38171 | High | 7.8 | — | 2024-08-13 | Microsoft PowerPoint Remote Code Execution Vulnerability |
CVE-2024-38169 | High | 7.8 | — | 2024-08-13 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2024-38162 | High | 7.8 | — | 2024-08-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
CVE-2024-38153 | High | 7.8 | — | 2024-08-13 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-38152 | High | 7.8 | — | 2024-08-13 | Windows OLE Remote Code Execution Vulnerability |
CVE-2024-38150 | High | 7.8 | — | 2024-08-13 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-38147 | High | 7.8 | — | 2024-08-13 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-38142 | High | 7.8 | — | 2024-08-13 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
CVE-2024-38141 | High | 7.8 | — | 2024-08-13 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2024-38135 | High | 7.8 | — | 2024-08-13 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
CVE-2024-38134 | High | 7.8 | — | 2024-08-13 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
CVE-2024-38133 | High | 7.8 | — | 2024-08-13 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-38127 | High | 7.8 | — | 2024-08-13 | Windows Hyper-V Elevation of Privilege Vulnerability |
CVE-2024-38125 | High | 7.8 | — | 2024-08-13 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
CVE-2024-38117 | High | 7.8 | — | 2024-08-13 | NTFS Elevation of Privilege Vulnerability |
CVE-2024-38107 | High | 7.8 | KEV | 2024-08-13 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability |
CVE-2024-38098 | High | 7.8 | — | 2024-08-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
CVE-2024-38084 | High | 7.8 | — | 2024-08-13 | Microsoft OfficePlus Elevation of Privilege Vulnerability |
CVE-2024-43373 | High | 7.7 | — | 2024-08-15 | webcrack is a tool for reverse engineering javascript. |
CVE-2024-38198 | High | 7.5 | — | 2024-08-13 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2024-38178 | High | 7.5 | KEV | 2024-08-13 | Scripting Engine Memory Corruption Vulnerability |
CVE-2024-38168 | High | 7.5 | — | 2024-08-13 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2024-38148 | High | 7.5 | — | 2024-08-13 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2024-38146 | High | 7.5 | — | 2024-08-13 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
CVE-2024-38145 | High | 7.5 | — | 2024-08-13 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
CVE-2024-38138 | High | 7.5 | — | 2024-08-13 | Windows Deployment Services Remote Code Execution Vulnerability |
CVE-2024-38132 | High | 7.5 | — | 2024-08-13 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2024-38126 | High | 7.5 | — | 2024-08-13 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2024-37968 | High | 7.5 | — | 2024-08-13 | Windows DNS Spoofing Vulnerability |
CVE-2024-38170 | High | 7.1 | — | 2024-08-13 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-39425 | High | 7.0 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. |
CVE-2024-39420 | High | 7.0 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could… |
CVE-2024-38201 | High | 7.0 | — | 2024-08-13 | Azure Stack Hub Elevation of Privilege Vulnerability |
CVE-2024-38158 | High | 7.0 | — | 2024-08-13 | Azure IoT SDK Remote Code Execution Vulnerability |
CVE-2024-38157 | High | 7.0 | — | 2024-08-13 | Azure IoT SDK Remote Code Execution Vulnerability |
CVE-2024-38137 | High | 7.0 | — | 2024-08-13 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
CVE-2024-38136 | High | 7.0 | — | 2024-08-13 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
CVE-2024-38106 | High | 7.0 | KEV | 2024-08-13 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-38223 | Medium | 6.8 | — | 2024-08-13 | Windows Initial Machine Configuration Elevation of Privilege Vulnerability |
CVE-2024-38161 | Medium | 6.8 | — | 2024-08-13 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-38173 | Medium | 6.7 | — | 2024-08-13 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2024-38214 | Medium | 6.5 | — | 2024-08-13 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2024-38213 | Medium | 6.5 | KEV | 2024-08-13 | Windows Mark of the Web Security Feature Bypass Vulnerability |
CVE-2024-38197 | Medium | 6.5 | — | 2024-08-13 | Microsoft Teams for iOS Spoofing Vulnerability |
CVE-2024-38167 | Medium | 6.5 | — | 2024-08-13 | .NET and Visual Studio Information Disclosure Vulnerability |
CVE-2024-38165 | Medium | 6.5 | — | 2024-08-13 | Windows Compressed Folder Tampering Vulnerability |
CVE-2024-42474 | Medium | 6.5 | — | 2024-08-12 | Streamlit is a data oriented application development framework for python. |
CVE-2024-38219 | Medium | 6.5 | — | 2024-08-12 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
CVE-2024-38200 | Medium | 6.5 | — | 2024-08-12 | Microsoft Office Spoofing Vulnerability |
CVE-2024-43472 | Medium | 5.8 | — | 2024-08-16 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
CVE-2024-41866 | Medium | 5.5 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). |
CVE-2024-41854 | Medium | 5.5 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41835 | Medium | 5.5 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41834 | Medium | 5.5 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41833 | Medium | 5.5 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41832 | Medium | 5.5 | — | 2024-08-14 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-39395 | Medium | 5.5 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). |
CVE-2024-39387 | Medium | 5.5 | — | 2024-08-14 | Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-34138 | Medium | 5.5 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). |
CVE-2024-34137 | Medium | 5.5 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. |
CVE-2024-34136 | Medium | 5.5 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). |
CVE-2024-34135 | Medium | 5.5 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-34134 | Medium | 5.5 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-34127 | Medium | 5.5 | — | 2024-08-14 | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-34118 | Medium | 5.5 | — | 2024-08-14 | Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. |
CVE-2024-38155 | Medium | 5.5 | — | 2024-08-13 | Security Center Broker Information Disclosure Vulnerability |
CVE-2024-38151 | Medium | 5.5 | — | 2024-08-13 | Windows Kernel Information Disclosure Vulnerability |
CVE-2024-38122 | Medium | 5.5 | — | 2024-08-13 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
CVE-2024-38118 | Medium | 5.5 | — | 2024-08-13 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
CVE-2024-38123 | Medium | 4.4 | — | 2024-08-13 | Windows Bluetooth Driver Information Disclosure Vulnerability |
CVE-2024-38143 | Medium | 4.2 | — | 2024-08-13 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
CVE-2024-6768 | — | — | — | 2024-08-12 | A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to… |
Other vendors (731 CVEs across 216 vendors)
N/a · 128 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43042 | Critical | 9.8 | — | 2024-08-16 | Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. |
CVE-2024-42850 | Critical | 9.8 | — | 2024-08-16 | An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. |
CVE-2024-42634 | Critical | 9.8 | — | 2024-08-16 | A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. |
CVE-2024-42757 | Critical | 9.8 | — | 2024-08-15 | Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. |
CVE-2024-23168 | Critical | 9.8 | — | 2024-08-15 | Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution. |
CVE-2024-42978 | Critical | 9.8 | — | 2024-08-15 | An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. |
CVE-2024-42967 | Critical | 9.8 | — | 2024-08-15 | Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. |
CVE-2024-42966 | Critical | 9.8 | — | 2024-08-15 | Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. |
CVE-2024-42947 | Critical | 9.8 | — | 2024-08-15 | An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. |
CVE-2024-42843 | Critical | 9.8 | — | 2024-08-15 | Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. |
CVE-2024-42547 | Critical | 9.8 | — | 2024-08-12 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. |
CVE-2024-42546 | Critical | 9.8 | — | 2024-08-12 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. |
CVE-2024-42545 | Critical | 9.8 | — | 2024-08-12 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. |
CVE-2024-42543 | Critical | 9.8 | — | 2024-08-12 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. |
CVE-2024-42520 | Critical | 9.8 | — | 2024-08-12 | TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. |
CVE-2024-41577 | Critical | 9.8 | — | 2024-08-12 | An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. |
CVE-2024-40477 | Critical | 9.8 | — | 2024-08-12 | A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter. |
CVE-2024-40472 | Critical | 9.8 | — | 2024-08-12 | Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php." |
CVE-2024-38989 | Critical | 9.8 | — | 2024-08-12 | izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. |
CVE-2024-22218 | High | 8.8 | — | 2024-08-15 | XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as acces… |
CVE-2024-42681 | High | 8.8 | — | 2024-08-15 | Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. |
CVE-2024-21810 | High | 8.8 | — | 2024-08-14 | Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21807 | High | 8.8 | — | 2024-08-14 | Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-42739 | High | 8.8 | — | 2024-08-13 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. |
CVE-2024-42738 | High | 8.8 | — | 2024-08-13 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. |
CVE-2024-42737 | High | 8.8 | — | 2024-08-13 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. |
CVE-2024-42748 | High | 8.8 | — | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. |
CVE-2024-42747 | High | 8.8 | — | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. |
CVE-2024-42745 | High | 8.8 | — | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. |
CVE-2024-42744 | High | 8.8 | — | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. |
CVE-2024-42743 | High | 8.8 | — | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg. |
CVE-2024-42742 | High | 8.8 | — | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. |
CVE-2024-42741 | High | 8.8 | — | 2024-08-12 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. |
CVE-2023-48171 | High | 8.8 | — | 2024-08-12 | An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. |
CVE-2024-41475 | High | 8.8 | — | 2024-08-12 | Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. |
CVE-2024-40500 | High | 8.6 | — | 2024-08-12 | Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. |
CVE-2024-42995 | High | 8.3 | — | 2024-08-16 | VTiger CRM <= 8.1.0 does not correctly check user privileges. |
CVE-2024-36877 | High | 8.2 | — | 2024-08-12 | Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where con… |
CVE-2024-41651 | High | 8.1 | — | 2024-08-12 | An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. |
CVE-2023-49141 | High | 7.8 | — | 2024-08-14 | Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-42667 | High | 7.8 | — | 2024-08-14 | Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-42736 | High | 7.8 | — | 2024-08-13 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. |
CVE-2024-27442 | High | 7.8 | — | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. |
CVE-2023-50809 | High | 7.8 | — | 2024-08-12 | In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. |
CVE-2024-42987 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. |
CVE-2024-42986 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. |
CVE-2024-42985 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. |
CVE-2024-42984 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. |
CVE-2024-42983 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. |
CVE-2024-42982 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. |
CVE-2024-42981 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. |
CVE-2024-42980 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. |
CVE-2024-42979 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. |
CVE-2024-42977 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. |
CVE-2024-42976 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. |
CVE-2024-42974 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. |
CVE-2024-42973 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. |
CVE-2024-42969 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. |
CVE-2024-42968 | High | 7.5 | — | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. |
CVE-2024-42955 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. |
CVE-2024-42954 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. |
CVE-2024-42953 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. |
CVE-2024-42952 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. |
CVE-2024-42951 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. |
CVE-2024-42950 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. |
CVE-2024-42949 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. |
CVE-2024-42948 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. |
CVE-2024-42946 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. |
CVE-2024-42945 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. |
CVE-2024-42944 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. |
CVE-2024-42943 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. |
CVE-2024-42942 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. |
CVE-2024-42941 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. |
CVE-2024-42940 | High | 7.5 | — | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. |
CVE-2024-33535 | High | 7.5 | — | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. |
CVE-2024-37826 | High | 7.5 | — | 2024-08-12 | A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
CVE-2024-37015 | High | 7.4 | — | 2024-08-13 | An issue was discovered in Ada Web Server 20.0. |
CVE-2024-42994 | High | 7.2 | — | 2024-08-16 | VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. |
CVE-2024-24853 | High | 7.2 | — | 2024-08-14 | Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2023-38655 | Medium | 6.8 | — | 2024-08-14 | Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access. |
CVE-2024-41711 | Medium | 6.8 | — | 2024-08-13 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an… |
CVE-2024-42740 | Medium | 6.8 | — | 2024-08-13 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. |
CVE-2024-28953 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23974 | Medium | 6.7 | — | 2024-08-14 | Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-22378 | Medium | 6.7 | — | 2024-08-14 | Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-22376 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21857 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21769 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21766 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-49144 | Medium | 6.7 | — | 2024-08-14 | Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access. |
CVE-2023-43747 | Medium | 6.7 | — | 2024-08-14 | Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-42849 | Medium | 6.5 | — | 2024-08-16 | An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. |
CVE-2024-22217 | Medium | 6.5 | — | 2024-08-15 | A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on. |
CVE-2024-24983 | Medium | 6.5 | — | 2024-08-14 | Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. |
CVE-2024-22374 | Medium | 6.5 | — | 2024-08-14 | Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-41332 | Medium | 6.5 | — | 2024-08-12 | Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. |
CVE-2024-21787 | Medium | 6.4 | — | 2024-08-14 | Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-32231 | Medium | 6.3 | — | 2024-08-15 | Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. |
CVE-2024-22219 | Medium | 6.3 | — | 2024-08-15 | XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as acces… |
CVE-2024-24980 | Medium | 6.1 | — | 2024-08-14 | Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2024-27443 | Medium | 6.1 | KEV | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. |
CVE-2024-21550 | Medium | 6.1 | — | 2024-08-12 | SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. |
CVE-2024-41482 | Medium | 6.1 | — | 2024-08-12 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. |
CVE-2024-41481 | Medium | 6.1 | — | 2024-08-12 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. |
CVE-2024-40484 | Medium | 6.1 | — | 2024-08-12 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. |
CVE-2024-25939 | Medium | 6.0 | — | 2024-08-14 | Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. |
CVE-2023-50810 | Medium | 6.0 | — | 2024-08-12 | In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges. |
CVE-2023-40067 | Medium | 5.7 | — | 2024-08-14 | Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
CVE-2024-21806 | Medium | 5.5 | — | 2024-08-14 | Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-43006 | Medium | 5.4 | — | 2024-08-16 | A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. |
CVE-2024-42758 | Medium | 5.4 | — | 2024-08-16 | A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when it is used and enabled in Dokuwiki (Open Source Wiki Engine). |
CVE-2024-25837 | Medium | 5.4 | — | 2024-08-16 | A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section. |
CVE-2024-41613 | Medium | 5.4 | — | 2024-08-13 | A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note. |
CVE-2024-33536 | Medium | 5.4 | — | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. |
CVE-2024-33533 | Medium | 5.4 | — | 2024-08-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. |
CVE-2024-40481 | Medium | 5.4 | — | 2024-08-12 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter. |
CVE-2024-7658 | Medium | 5.3 | — | 2024-08-12 | A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. |
CVE-2024-43011 | Medium | 4.9 | — | 2024-08-16 | An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. |
CVE-2024-41614 | Medium | 4.8 | — | 2024-08-13 | symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles. |
CVE-2024-43009 | Medium | 4.7 | — | 2024-08-16 | A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. |
CVE-2024-43005 | Medium | 4.7 | — | 2024-08-16 | A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
CVE-2023-34424 | Medium | 4.4 | — | 2024-08-14 | Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. |
CVE-2024-21844 | Medium | 4.3 | — | 2024-08-14 | Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
CVE-2023-35123 | Medium | 4.3 | — | 2024-08-14 | Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access. |
CVE-2024-7709 | Medium | 4.3 | — | 2024-08-13 | A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. |
CVE-2024-7659 | Low | 3.7 | — | 2024-08-12 | A vulnerability, which was classified as problematic, was found in projectsend up to r1605. |
CVE-2024-7733 | Low | 3.5 | — | 2024-08-13 | A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. |
CVE-2023-48361 | Low | 2.3 | — | 2024-08-14 | Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. |
Adobe · 34 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39397 | Critical | 9.0 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. |
CVE-2024-39402 | High | 8.4 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execut… |
CVE-2024-39401 | High | 8.4 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execut… |
CVE-2024-39400 | High | 8.1 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-41865 | High | 7.8 | — | 2024-08-14 | Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. |
CVE-2024-34124 | High | 7.8 | — | 2024-08-14 | Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-20789 | High | 7.8 | — | 2024-08-14 | Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-41864 | High | 7.8 | — | 2024-08-14 | Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-39399 | High | 7.7 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. |
CVE-2024-39403 | High | 7.6 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form… |
CVE-2024-39398 | High | 7.4 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. |
CVE-2024-39406 | Medium | 6.8 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. |
CVE-2024-34126 | Medium | 5.5 | — | 2024-08-14 | Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-34125 | Medium | 5.5 | — | 2024-08-14 | Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-20790 | Medium | 5.5 | — | 2024-08-14 | Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41863 | Medium | 5.5 | — | 2024-08-14 | Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41862 | Medium | 5.5 | — | 2024-08-14 | Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41861 | Medium | 5.5 | — | 2024-08-14 | Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-41860 | Medium | 5.5 | — | 2024-08-14 | Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-39418 | Medium | 5.4 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39419 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39417 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39416 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39415 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39414 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39413 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39412 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39411 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39410 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on be… |
CVE-2024-39409 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on be… |
CVE-2024-39408 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on beh… |
CVE-2024-39407 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39405 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-39404 | Medium | 4.3 | — | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
Intel · 33 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24986 | High | 8.8 | — | 2024-08-14 | Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23981 | High | 8.8 | — | 2024-08-14 | Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23497 | High | 8.8 | — | 2024-08-14 | Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-28947 | High | 8.2 | — | 2024-08-14 | Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2024-25576 | High | 7.9 | — | 2024-08-14 | Improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. |
CVE-2024-26022 | High | 7.8 | — | 2024-08-14 | Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-34163 | High | 7.5 | — | 2024-08-14 | Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2024-21801 | High | 7.1 | — | 2024-08-14 | Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access. |
CVE-2024-29015 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-28887 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-28876 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-28172 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-28046 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-26027 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-26025 | Medium | 6.7 | — | 2024-08-14 | Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-25561 | Medium | 6.7 | — | 2024-08-14 | Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-24977 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23909 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23908 | Medium | 6.7 | — | 2024-08-14 | Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23907 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23495 | Medium | 6.7 | — | 2024-08-14 | Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23491 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-23489 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-22184 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21784 | Medium | 6.7 | — | 2024-08-14 | Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-24580 | Medium | 6.5 | — | 2024-08-14 | Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access. |
CVE-2024-23499 | Medium | 6.5 | — | 2024-08-14 | Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network acce… |
CVE-2024-39283 | Medium | 6.0 | — | 2024-08-14 | Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-25562 | Medium | 5.8 | — | 2024-08-14 | Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-27461 | Medium | 5.6 | — | 2024-08-14 | Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2023-43489 | Medium | 5.5 | — | 2024-08-14 | Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-28050 | Medium | 5.0 | — | 2024-08-14 | Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-24973 | Low | 2.2 | — | 2024-08-14 | Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. |
AMD · 27 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-20578 | High | 7.5 | — | 2024-08-13 | A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. |
CVE-2022-23815 | High | 7.5 | — | 2024-08-13 | Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution. |
CVE-2023-31315 | High | 7.5 | — | 2024-08-12 | Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. |
CVE-2023-31349 | High | 7.3 | — | 2024-08-13 | Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
CVE-2023-31348 | High | 7.3 | — | 2024-08-13 | A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
CVE-2023-31341 | High | 7.3 | — | 2024-08-13 | Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. |
CVE-2021-26344 | High | 7.2 | — | 2024-08-13 | An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB blo… |
CVE-2022-23817 | High | 7.0 | — | 2024-08-13 | Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege e… |
CVE-2023-20591 | Medium | 6.5 | — | 2024-08-13 | Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and… |
CVE-2024-21981 | Medium | 5.7 | — | 2024-08-13 | Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality a… |
CVE-2021-26367 | Medium | 5.7 | — | 2024-08-13 | A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability. |
CVE-2023-20584 | Medium | 5.3 | — | 2024-08-13 | IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially le… |
CVE-2023-20509 | Medium | 5.2 | — | 2024-08-13 | An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity. |
CVE-2021-46746 | Medium | 5.2 | — | 2024-08-13 | Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to corrupt the return address, causing a stack-based buffer overrun, potent… |
CVE-2023-31310 | Medium | 5.0 | — | 2024-08-13 | Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availabili… |
CVE-2023-31339 | Medium | 4.8 | — | 2024-08-13 | Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service. |
CVE-2023-20510 | Medium | 4.7 | — | 2024-08-13 | An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service. |
CVE-2023-31356 | Medium | 4.4 | — | 2024-08-13 | Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. |
CVE-2021-46772 | Low | 3.9 | — | 2024-08-13 | Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in me… |
CVE-2021-26387 | Low | 3.9 | — | 2024-08-13 | Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. |
CVE-2023-31366 | Low | 3.3 | — | 2024-08-13 | Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. |
CVE-2023-20513 | Low | 3.3 | — | 2024-08-13 | An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service. |
CVE-2023-31307 | Low | 2.3 | — | 2024-08-13 | Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. |
CVE-2023-31304 | Low | 2.3 | — | 2024-08-13 | Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability. |
CVE-2023-31305 | Low | 1.9 | — | 2024-08-13 | Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure. |
CVE-2023-20518 | Low | 1.9 | — | 2024-08-13 | Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. |
CVE-2023-20512 | Low | 1.9 | — | 2024-08-13 | A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. |
Oretnom23 · 26 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7798 | High | 7.3 | — | 2024-08-15 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-7797 | High | 7.3 | — | 2024-08-15 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-7853 | Medium | 6.3 | — | 2024-08-16 | A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. |
CVE-2024-7851 | Medium | 6.3 | — | 2024-08-16 | A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. |
CVE-2024-7841 | Medium | 6.3 | — | 2024-08-15 | A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. |
CVE-2024-7800 | Medium | 6.3 | — | 2024-08-15 | A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-7754 | Medium | 6.3 | — | 2024-08-14 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
CVE-2024-7751 | Medium | 6.3 | — | 2024-08-13 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. |
CVE-2024-7750 | Medium | 6.3 | — | 2024-08-13 | A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. |
CVE-2024-7676 | Medium | 6.3 | — | 2024-08-12 | A vulnerability was found in Sourcecodester Car Driving School Management System 1.0. |
CVE-2024-7669 | Medium | 6.3 | — | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0 and classified as critical. |
CVE-2024-7668 | Medium | 6.3 | — | 2024-08-12 | A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. |
CVE-2024-7667 | Medium | 6.3 | — | 2024-08-12 | A vulnerability, which was classified as critical, was found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7666 | Medium | 6.3 | — | 2024-08-12 | A vulnerability, which was classified as critical, has been found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7665 | Medium | 6.3 | — | 2024-08-12 | A vulnerability classified as critical was found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7664 | Medium | 6.3 | — | 2024-08-12 | A vulnerability classified as critical has been found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7663 | Medium | 6.3 | — | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7799 | Medium | 5.3 | — | 2024-08-15 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-7753 | Medium | 5.3 | — | 2024-08-14 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
CVE-2024-7662 | Medium | 4.3 | — | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7661 | Medium | 4.3 | — | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7645 | Medium | 4.3 | — | 2024-08-12 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
CVE-2024-7852 | Low | 3.5 | — | 2024-08-16 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. |
CVE-2024-7752 | Low | 3.5 | — | 2024-08-14 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
CVE-2024-7678 | Low | 3.5 | — | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
CVE-2024-7677 | Low | 3.5 | — | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
Ibm · 19 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35124 | High | 7.5 | — | 2024-08-13 | A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BM… |
CVE-2024-40697 | High | 7.5 | — | 2024-08-13 | IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. |
CVE-2022-33162 | High | 7.3 | — | 2024-08-16 | IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the priv… |
CVE-2023-47728 | Medium | 6.5 | — | 2024-08-16 | IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the reques… |
CVE-2024-40705 | Medium | 6.5 | — | 2024-08-15 | IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. |
CVE-2024-37529 | Medium | 6.5 | — | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. |
CVE-2024-35152 | Medium | 6.5 | — | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. |
CVE-2023-38018 | Medium | 6.3 | — | 2024-08-12 | IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. |
CVE-2024-31905 | Medium | 5.9 | — | 2024-08-15 | IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. |
CVE-2024-27267 | Medium | 5.9 | — | 2024-08-14 | The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. |
CVE-2024-28799 | Medium | 5.6 | — | 2024-08-14 | IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which ma… |
CVE-2024-25024 | Medium | 5.5 | — | 2024-08-15 | IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. |
CVE-2024-35136 | Medium | 5.3 | — | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. |
CVE-2024-31882 | Medium | 5.3 | — | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an aut… |
CVE-2023-50314 | Medium | 5.3 | — | 2024-08-14 | IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. |
CVE-2023-50315 | Medium | 5.3 | — | 2024-08-14 | IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. |
CVE-2024-40704 | Medium | 4.9 | — | 2024-08-15 | IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. |
CVE-2024-41774 | Medium | 4.8 | — | 2024-08-13 | IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. |
CVE-2022-38382 | Medium | 4.7 | — | 2024-08-13 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 do not invalidate session after logout which could allow another authenticated user to obtain sensitive information. |
Siemens · 19 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-41940 | Critical | 9.1 | — | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
CVE-2024-41939 | High | 8.8 | — | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
CVE-2024-41908 | High | 7.8 | — | 2024-08-13 | A vulnerability has been identified in NX (All versions < V2406.3000). |
CVE-2024-36398 | High | 7.8 | — | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
CVE-2023-7066 | High | 7.8 | — | 2024-08-12 | The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. |
CVE-2024-41904 | High | 7.5 | — | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
CVE-2024-41976 | High | 7.2 | — | 2024-08-13 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8… |
CVE-2024-41977 | High | 7.1 | — | 2024-08-13 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8… |
CVE-2024-41905 | Medium | 6.8 | — | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
CVE-2024-41681 | Medium | 6.7 | — | 2024-08-13 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). |
CVE-2024-41903 | Medium | 6.6 | — | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
CVE-2024-41978 | Medium | 6.5 | — | 2024-08-13 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8… |
CVE-2024-41938 | Medium | 5.5 | — | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
CVE-2024-41683 | Medium | 5.3 | — | 2024-08-13 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). |
CVE-2024-41682 | Medium | 5.3 | — | 2024-08-13 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). |
CVE-2024-41906 | Medium | 4.8 | — | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
CVE-2024-39922 | Medium | 4.6 | — | 2024-08-13 | A vulnerability has been identified in LOGO! |
CVE-2024-41941 | Medium | 4.3 | — | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
CVE-2024-41907 | Medium | 4.2 | — | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
Sap · 17 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-41730 | Critical | 9.8 | — | 2024-08-13 | In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. |
CVE-2024-42374 | High | 8.2 | — | 2024-08-13 | BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. |
CVE-2024-33003 | High | 7.4 | — | 2024-08-13 | Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path par… |
CVE-2024-42376 | Medium | 6.5 | — | 2024-08-13 | SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. |
CVE-2024-33005 | Medium | 6.3 | — | 2024-08-13 | Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actio… |
CVE-2024-41735 | Medium | 5.4 | — | 2024-08-13 | SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. |
CVE-2024-41733 | Medium | 5.3 | — | 2024-08-13 | In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. |
CVE-2024-41737 | Medium | 5.0 | — | 2024-08-13 | SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. |
CVE-2024-41732 | Medium | 4.7 | — | 2024-08-13 | SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. |
CVE-2024-42373 | Medium | 4.3 | — | 2024-08-13 | SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. |
CVE-2024-41734 | Medium | 4.3 | — | 2024-08-13 | Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. |
CVE-2024-39591 | Medium | 4.3 | — | 2024-08-13 | SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. |
CVE-2024-42377 | Medium | 4.3 | — | 2024-08-13 | SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application. |
CVE-2024-42375 | Medium | 4.3 | — | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. |
CVE-2024-41736 | Medium | 4.3 | — | 2024-08-13 | Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. |
CVE-2024-28166 | Low | 3.7 | — | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. |
CVE-2024-41731 | Low | 3.1 | — | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. |
Mayurik · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-40475 | High | 8.8 | — | 2024-08-12 | SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. |
CVE-2024-40476 | High | 8.0 | — | 2024-08-12 | A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. |
CVE-2024-7642 | Medium | 6.3 | — | 2024-08-12 | A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. |
CVE-2024-7641 | Medium | 6.3 | — | 2024-08-12 | A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-7640 | Medium | 6.3 | — | 2024-08-12 | A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-7639 | Medium | 6.3 | — | 2024-08-12 | A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-7638 | Medium | 6.3 | — | 2024-08-12 | A vulnerability classified as critical has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-40474 | Medium | 5.4 | — | 2024-08-12 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0. |
CVE-2024-40473 | Medium | 5.4 | — | 2024-08-12 | A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. |
CVE-2024-7812 | Low | 3.5 | — | 2024-08-15 | A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. |
CVE-2024-7686 | Low | 3.5 | — | 2024-08-12 | A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-7685 | Low | 3.5 | — | 2024-08-12 | A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-7684 | Low | 3.5 | — | 2024-08-12 | A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-7683 | Low | 3.5 | — | 2024-08-12 | A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
Google · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-20083 | Critical | 9.8 | — | 2024-08-14 | In venc, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-34743 | High | 7.8 | — | 2024-08-15 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. |
CVE-2024-34741 | High | 7.8 | — | 2024-08-15 | In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the co… |
CVE-2024-34740 | High | 7.8 | — | 2024-08-15 | In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. |
CVE-2024-34739 | High | 7.8 | — | 2024-08-15 | In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. |
CVE-2024-34738 | High | 7.8 | — | 2024-08-15 | In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. |
CVE-2024-34737 | High | 7.8 | — | 2024-08-15 | In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. |
CVE-2024-34736 | High | 7.8 | — | 2024-08-15 | In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. |
CVE-2024-34734 | High | 7.8 | — | 2024-08-15 | In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. |
CVE-2024-31333 | High | 7.8 | — | 2024-08-15 | In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. |
CVE-2024-34727 | High | 7.5 | — | 2024-08-15 | In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. |
CVE-2024-34731 | High | 7.0 | — | 2024-08-15 | In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. |
CVE-2024-34742 | Medium | 5.5 | — | 2024-08-15 | In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. |
Zoom · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39825 | High | 8.5 | — | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. |
CVE-2024-39818 | High | 7.5 | — | 2024-08-14 | Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. |
CVE-2024-42439 | Medium | 6.5 | — | 2024-08-14 | Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access. |
CVE-2024-42438 | Medium | 6.5 | — | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
CVE-2024-42437 | Medium | 6.5 | — | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
CVE-2024-42436 | Medium | 6.5 | — | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
CVE-2024-39822 | Medium | 6.5 | — | 2024-08-14 | Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. |
CVE-2024-42441 | Medium | 6.2 | — | 2024-08-14 | Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local a… |
CVE-2024-42440 | Medium | 6.2 | — | 2024-08-14 | Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local ac… |
CVE-2024-42435 | Medium | 4.9 | — | 2024-08-14 | Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
CVE-2024-42434 | Medium | 4.9 | — | 2024-08-14 | Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
CVE-2024-39824 | Medium | 4.9 | — | 2024-08-14 | Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
CVE-2024-39823 | Medium | 4.9 | — | 2024-08-14 | Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
Frogcms_project · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42627 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. |
CVE-2024-42626 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. |
CVE-2024-42625 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add. |
CVE-2024-42624 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10. |
CVE-2024-42623 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1. |
CVE-2024-42632 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. |
CVE-2024-42631 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. |
CVE-2024-42630 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. |
CVE-2024-42629 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. |
CVE-2024-42628 | High | 8.8 | — | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3. |
F5 · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-41727 | High | 7.5 | — | 2024-08-14 | In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reac… |
CVE-2024-39809 | High | 7.5 | — | 2024-08-14 | The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2024-39792 | High | 7.5 | — | 2024-08-14 | When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2024-39778 | High | 7.5 | — | 2024-08-14 | When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. |
CVE-2024-41164 | Medium | 5.9 | — | 2024-08-14 | When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attacker's control can cause TMM to terminate. |
CVE-2024-37028 | Medium | 5.3 | — | 2024-08-14 | BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2024-7347 | Medium | 4.7 | — | 2024-08-14 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. |
CVE-2024-41723 | Medium | 4.3 | — | 2024-08-14 | Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2024-41719 | Medium | 4.2 | — | 2024-08-14 | When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS… |
D-link · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7849 | High | 8.8 | — | 2024-08-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DN… |
CVE-2024-7832 | High | 8.8 | — | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100… |
CVE-2024-7831 | High | 8.8 | — | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS… |
CVE-2024-7830 | High | 8.8 | — | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DN… |
CVE-2024-7829 | High | 8.8 | — | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340… |
CVE-2024-7828 | High | 8.8 | — | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-3… |
CVE-2024-7833 | Medium | 6.3 | — | 2024-08-15 | A vulnerability was found in D-Link DI-8100 16.07. |
CVE-2024-7715 | Medium | 6.3 | — | 2024-08-13 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100… |
Ivanti · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7593 | Critical | 9.8 | KEV | 2024-08-13 | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. |
CVE-2024-7569 | Critical | 9.6 | — | 2024-08-13 | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. |
CVE-2024-38652 | Critical | 9.1 | — | 2024-08-14 | Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. |
CVE-2024-7570 | High | 8.3 | — | 2024-08-13 | Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. |
CVE-2024-38653 | High | 7.5 | — | 2024-08-14 | XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. |
CVE-2024-37399 | High | 7.5 | — | 2024-08-14 | A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. |
CVE-2024-36136 | High | 7.5 | — | 2024-08-14 | An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. |
CVE-2024-37373 | High | 7.2 | — | 2024-08-14 | Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. |
Rockwell Automation · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7513 | High | 8.8 | — | 2024-08-14 | A code execution vulnerability exists in the affected product. |
CVE-2024-7515 | High | 7.5 | — | 2024-08-14 | A denial-of-service vulnerability exists in the affected products. |
CVE-2024-40620 | High | 7.5 | — | 2024-08-14 | A vulnerability exists in the affected product due to lack of encryption of sensitive information. |
CVE-2024-40619 | High | 7.5 | — | 2024-08-14 | A denial-of-service vulnerability exists in the affected products. |
CVE-2024-7507 | Medium | 6.5 | — | 2024-08-14 | A denial-of-service vulnerability exists in the affected products. |
CVE-2024-6078 | — | — | — | 2024-08-14 | An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. |
CVE-2024-7567 | — | — | — | 2024-08-13 | A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080-L50E/2080-L70E). |
CVE-2024-6079 | — | — | — | 2024-08-13 | A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. |
Zabbix · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22116 | Critical | 9.9 | — | 2024-08-12 | An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. |
CVE-2024-36461 | Critical | 9.1 | — | 2024-08-12 | Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. |
CVE-2024-36460 | High | 8.1 | — | 2024-08-12 | The front-end audit log exposes unprotected passwords, which are displayed in plain text. |
CVE-2024-36462 | High | 7.5 | — | 2024-08-12 | Uncontrolled resource consumption refers to a software vulnerability where an attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. |
CVE-2024-22121 | Medium | 6.1 | — | 2024-08-12 | A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. |
CVE-2024-22114 | Medium | 4.3 | — | 2024-08-12 | A user with no permission to any of the hosts can access and view the host count and other statistics through the System Information widget in the Global View dashboard. |
CVE-2024-22122 | Low | 3.0 | — | 2024-08-12 | Zabbix allows configuring SMS notifications. |
CVE-2024-22123 | Low | 2.7 | — | 2024-08-12 | Setting SMS media allows setting the GSM modem file. |
Lenovo · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4763 | High | 7.8 | — | 2024-08-16 | An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. |
CVE-2024-2175 | High | 7.8 | — | 2024-08-16 | An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. |
CVE-2024-6004 | Medium | 6.5 | — | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. |
CVE-2024-5210 | Medium | 6.5 | — | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted. |
CVE-2024-5209 | Medium | 6.5 | — | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. |
CVE-2024-4782 | Medium | 6.5 | — | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs. |
CVE-2024-4781 | Medium | 6.5 | — | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. |
Code-projects · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7808 | High | 7.3 | — | 2024-08-15 | A vulnerability was found in code-projects Job Portal 1.0. |
CVE-2024-7682 | High | 7.3 | — | 2024-08-12 | A vulnerability was found in code-projects Job Portal 1.0. |
CVE-2024-7681 | High | 7.3 | — | 2024-08-12 | A vulnerability was found in code-projects College Management System 1.0. |
CVE-2024-7637 | High | 7.3 | — | 2024-08-12 | A vulnerability was found in code-projects Online Polling 1.0. |
CVE-2024-7636 | High | 7.3 | — | 2024-08-12 | A vulnerability was found in code-projects Simple Ticket Booking 1.0. |
CVE-2024-7635 | High | 7.3 | — | 2024-08-12 | A vulnerability was found in code-projects Simple Ticket Booking 1.0. |
Enphase · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21878 | Critical | 9.8 | — | 2024-08-12 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. |
CVE-2024-21876 | Critical | 9.1 | — | 2024-08-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unauthenticated attacker to access or create arbitrary files. This is… |
CVE-2024-21879 | High | 8.8 | — | 2024-08-12 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through a URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This issue a… |
CVE-2024-21880 | High | 7.2 | — | 2024-08-12 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection. This issue af… |
CVE-2024-21877 | Medium | 6.5 | — | 2024-08-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. |
CVE-2024-21881 | — | — | — | 2024-08-12 | Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x |
Sourcecodester · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7845 | Medium | 6.3 | — | 2024-08-16 | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. |
CVE-2024-7810 | Medium | 6.3 | — | 2024-08-15 | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. |
CVE-2024-7843 | Medium | 5.3 | — | 2024-08-15 | A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. |
CVE-2024-7842 | Medium | 5.3 | — | 2024-08-15 | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. |
CVE-2024-7809 | Medium | 5.3 | — | 2024-08-15 | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. |
CVE-2024-7844 | Low | 3.5 | — | 2024-08-15 | A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. |
Vonets · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39791 | Critical | 10.0 | — | 2024-08-12 | Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code. |
CVE-2024-39815 | Critical | 9.1 | — | 2024-08-12 | Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to cause… |
CVE-2024-37023 | Critical | 9.1 | — | 2024-08-12 | Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands v… |
CVE-2024-42001 | High | 8.6 | — | 2024-08-12 | An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication via a… |
CVE-2024-29082 | High | 8.6 | — | 2024-08-12 | Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory res… |
CVE-2024-41936 | High | 7.5 | — | 2024-08-12 | A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentic… |
Apache · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29831 | High | 8.8 | — | 2024-08-12 | Improper Input Validation vulnerability in Apache DolphinScheduler. |
CVE-2024-30188 | High | 8.1 | — | 2024-08-12 | File read and write vulnerability in Apache DolphinScheduler; authenticated users can illegally access additional resource files. |
CVE-2024-41909 | Medium | 5.9 | — | 2024-08-12 | Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. |
CVE-2024-41890 | Medium | 5.3 | — | 2024-08-12 | Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. |
CVE-2024-41888 | Medium | 5.3 | — | 2024-08-12 | Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. |
Crocoblock · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7145 | High | 8.8 | — | 2024-08-16 | The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. |
CVE-2024-7146 | High | 8.8 | — | 2024-08-16 | The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. |
CVE-2024-7144 | Medium | 6.4 | — | 2024-08-16 | The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. |
CVE-2024-7147 | Medium | 6.4 | — | 2024-08-16 | The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. |
CVE-2024-7136 | Medium | 6.4 | — | 2024-08-16 | The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. |
Fiware · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42167 | Critical | 9.1 | — | 2024-08-12 | The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. |
CVE-2024-42166 | Critical | 9.1 | — | 2024-08-12 | The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. |
CVE-2024-42163 | High | 8.3 | — | 2024-08-12 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. |
CVE-2024-42165 | Medium | 6.3 | — | 2024-08-12 | Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. |
CVE-2024-42164 | Medium | 4.3 | — | 2024-08-12 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. |
Fortinet · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-26211 | Medium | 6.8 | — | 2024-08-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. |
CVE-2022-27486 | Medium | 6.6 | — | 2024-08-13 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and Forti… |
CVE-2024-21757 | Medium | 6.1 | — | 2024-08-13 | An unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7… |
CVE-2024-36505 | Medium | 5.1 | — | 2024-08-13 | An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via… |
CVE-2022-45862 | Low | 3.7 | — | 2024-08-13 | An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all ve… |
Manageengine · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5527 | High | 8.3 | — | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. |
CVE-2024-5487 | High | 8.3 | — | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. |
CVE-2024-36518 | High | 8.3 | — | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. |
CVE-2024-36035 | High | 8.3 | — | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. |
CVE-2024-36034 | High | 8.3 | — | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. |
Red Hat · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7557 | High | 8.8 | — | 2024-08-12 | A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. |
CVE-2024-5651 | High | 8.8 | — | 2024-08-12 | A flaw was found in the Fence Agents Remediation operator. |
CVE-2024-7700 | Medium | 6.5 | — | 2024-08-12 | A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. |
CVE-2024-43168 | Medium | 4.8 | — | 2024-08-12 | DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. |
CVE-2024-43167 | Low | 2.8 | — | 2024-08-12 | DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. |
Rems · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7811 | Medium | 6.3 | — | 2024-08-15 | A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. |
CVE-2024-7792 | Medium | 6.3 | — | 2024-08-14 | A vulnerability was found in SourceCodester Task Progress Tracker 1.0. |
CVE-2024-7643 | Medium | 6.3 | — | 2024-08-12 | A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. |
CVE-2024-7793 | Low | 3.5 | — | 2024-08-14 | A vulnerability was found in SourceCodester Task Progress Tracker 1.0. |
CVE-2024-7644 | Low | 3.5 | — | 2024-08-12 | A vulnerability was found in SourceCodester Leads Manager Tool 1.0. |
Upkeeper · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42466 | Critical | 9.8 | — | 2024-08-16 | Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9. |
CVE-2024-42465 | Critical | 9.8 | — | 2024-08-16 | Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9. |
CVE-2024-42462 | Critical | 9.8 | — | 2024-08-16 | Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9. |
CVE-2024-42464 | Medium | 6.5 | — | 2024-08-16 | Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue affects upKeeper Manager: through 5.1.9. |
CVE-2024-42463 | Medium | 6.5 | — | 2024-08-16 | Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue affects upKeeper Manager: through 5.1.9. |
Aveva · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6456 | — | — | — | 2024-08-15 | AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a sp… |
CVE-2024-7113 | — | — | — | 2024-08-13 | If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack. |
CVE-2024-6619 | — | — | — | 2024-08-13 | In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service. |
CVE-2024-6618 | — | — | — | 2024-08-13 | In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL). |
Coffee2code · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7416 | Medium | 5.3 | — | 2024-08-12 | The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. |
CVE-2024-7413 | Medium | 5.3 | — | 2024-08-12 | The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. |
CVE-2024-7412 | Medium | 5.3 | — | 2024-08-12 | The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. |
CVE-2024-7382 | Medium | 5.3 | — | 2024-08-12 | The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. |
Freebsd · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7589 | High | 8.1 | — | 2024-08-12 | A signal handler in sshd(8) may call a logging function that is not async-signal-safe. |
CVE-2024-6760 | High | 7.5 | — | 2024-08-12 | A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have been, allowing unprivileged users to trace and inspect the behavior of setuid programs. |
CVE-2024-6640 | Medium | 6.3 | — | 2024-08-12 | In ICMPv6 Neighbor Discovery (ND), the ID is always 0. |
CVE-2024-6759 | Medium | 5.3 | — | 2024-08-12 | When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". |
Friendica · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27730 | Critical | 9.8 | — | 2024-08-15 | Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. |
CVE-2024-27731 | Medium | 6.1 | — | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. |
CVE-2024-27729 | Medium | 6.1 | — | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. |
CVE-2024-27728 | Medium | 6.1 | — | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. |
Jetbrains · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43810 | Medium | 4.6 | — | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin |
CVE-2024-43807 | Medium | 4.6 | — | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page |
CVE-2024-43808 | Low | 3.7 | — | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin |
CVE-2024-43809 | Low | 3.5 | — | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page |
Lopalopa · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-40486 | Critical | 9.8 | — | 2024-08-12 | A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. |
CVE-2024-40482 | Critical | 9.8 | — | 2024-08-12 | An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2024-40488 | High | 8.8 | — | 2024-08-12 | A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. |
CVE-2024-40487 | High | 7.6 | — | 2024-08-12 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via the membershipType parameter. |
Ltcms · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7743 | High | 7.3 | — | 2024-08-13 | A vulnerability was found in wanglongcn ltcms 1.0.20. |
CVE-2024-7742 | High | 7.3 | — | 2024-08-13 | A vulnerability was found in wanglongcn ltcms 1.0.20. |
CVE-2024-7740 | High | 7.3 | — | 2024-08-13 | A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. |
CVE-2024-7741 | Medium | 5.3 | — | 2024-08-13 | A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. |
Openhab · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42467 | Critical | 10.0 | — | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. |
CVE-2024-42469 | Critical | 9.8 | — | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. |
CVE-2024-42470 | Medium | 6.5 | — | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. |
CVE-2024-42468 | Medium | 5.3 | — | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. |
Tenda · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7707 | High | 8.8 | — | 2024-08-13 | A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. |
CVE-2024-7615 | High | 8.8 | — | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8. |
CVE-2024-7614 | High | 8.8 | — | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8(8155). |
CVE-2024-7613 | High | 8.8 | — | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. |
Zoneminder · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43360 | Critical | 9.8 | — | 2024-08-12 | ZoneMinder is a free, open source closed-circuit television software application. |
CVE-2023-41884 | High | 7.1 | — | 2024-08-12 | ZoneMinder is a free, open source Closed-circuit television software application. |
CVE-2024-43358 | Medium | 6.1 | — | 2024-08-12 | ZoneMinder is a free, open source closed-circuit television software application. |
CVE-2024-43359 | Unrated | — | — | 2024-08-12 | ZoneMinder is a free, open source closed-circuit television software application. |
Bdthemes · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4359 | Medium | 6.5 | — | 2024-08-12 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lac… |
CVE-2024-7247 | Medium | 6.4 | — | 2024-08-13 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all vers… |
CVE-2024-4360 | Medium | 6.4 | — | 2024-08-12 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5… |
Cilium · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42488 | Medium | 6.8 | — | 2024-08-15 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. |
CVE-2024-42486 | Medium | 5.4 | — | 2024-08-16 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. |
CVE-2024-42487 | Medium | 4.0 | — | 2024-08-15 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. |
Cysoft168 · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42679 | High | 7.8 | — | 2024-08-15 | SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /ajax/Login.ashx component. |
CVE-2024-42678 | Medium | 6.1 | — | 2024-08-15 | Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. |
CVE-2024-42680 | Medium | 5.5 | — | 2024-08-15 | An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. |
Ggerganov · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42479 | Critical | 10.0 | — | 2024-08-12 | llama.cpp provides LLM inference in C/C++. |
CVE-2024-42478 | Medium | 5.3 | — | 2024-08-12 | llama.cpp provides LLM inference in C/C++. |
CVE-2024-42477 | Medium | 5.3 | — | 2024-08-12 | llama.cpp provides LLM inference in C/C++. |
Gncchome · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31800 | Medium | 6.8 | — | 2024-08-15 | Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. |
CVE-2024-31798 | Medium | 6.8 | — | 2024-08-15 | Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices. |
CVE-2024-31799 | Medium | 4.6 | — | 2024-08-15 | Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. |
H3c · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42639 | Critical | 9.8 | — | 2024-08-16 | H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. |
CVE-2024-42638 | Critical | 9.8 | — | 2024-08-16 | H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
CVE-2024-42637 | Critical | 9.8 | — | 2024-08-16 | H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
Jayesh · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-40480 | Critical | 9.8 | — | 2024-08-12 | A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user account… |
CVE-2024-40479 | High | 8.1 | — | 2024-08-12 | A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. |
CVE-2024-40478 | Medium | 5.4 | — | 2024-08-12 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields. |
Palo Alto Networks · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5914 | Critical | 9.8 | — | 2024-08-14 | A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. |
CVE-2024-5915 | High | 7.8 | — | 2024-08-14 | A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. |
CVE-2024-5916 | Medium | 4.4 | — | 2024-08-14 | An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. |
Pepperl+fuchs · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5849 | High | 7.1 | — | 2024-08-13 | An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. |
CVE-2024-38502 | High | 7.1 | — | 2024-08-13 | An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. |
CVE-2024-38501 | Medium | 6.1 | — | 2024-08-13 | An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. |
Remyandrade · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7748 | Medium | 6.3 | — | 2024-08-13 | A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. |
CVE-2024-7749 | Low | 3.5 | — | 2024-08-13 | A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. |
CVE-2024-7660 | Low | 3.5 | — | 2024-08-12 | A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. |
Tipsandtricks-hq · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6133 | Medium | 6.5 | — | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users suc… |
CVE-2024-6136 | Medium | 5.4 | — | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks |
CVE-2024-6134 | Medium | 5.4 | — | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users suc… |
Wpdeveloper · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43129 | Medium | 6.5 | — | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion. This issue affects BetterDocs: from n/a through 3.5.8. |
CVE-2024-43227 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper BetterDocs allows Stored XSS. This issue affects BetterDocs: from n/a through 3.5.8. |
CVE-2024-7092 | Medium | 6.4 | — | 2024-08-13 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and includi… |
Wpweb · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7503 | Critical | 9.8 | — | 2024-08-12 | The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. |
CVE-2024-39651 | High | 8.6 | — | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5. |
CVE-2024-43131 | High | 7.5 | — | 2024-08-13 | Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Docket (WooCommerce Collections / Wishlist / Watchlis… |
Xpdf · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7868 | High | 8.2 | — | 2024-08-15 | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. |
CVE-2024-7867 | Medium | 6.2 | — | 2024-08-15 | In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. |
CVE-2024-7866 | Medium | 5.5 | — | 2024-08-15 | In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow. |
Angeljudesuarez · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7839 | High | 7.3 | — | 2024-08-15 | A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. |
CVE-2024-7680 | Medium | 6.3 | — | 2024-08-12 | A vulnerability was found in itsourcecode Tailoring Management System 1.0. |
Antoine Hurkmans · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43139 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.9. |
CVE-2024-43130 | Medium | 5.9 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.10. |
Averta · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4389 | High | 8.8 | — | 2024-08-14 | The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. |
CVE-2024-43161 | Medium | 5.9 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.1.2. |
Awesomemotive · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6691 | Medium | 4.4 | — | 2024-08-12 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due… |
CVE-2024-6692 | Low | 3.3 | — | 2024-08-12 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3… |
Brainstorm Force · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7590 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows DOM-Based XSS. This issue affects Spectra: from n/a through <= 2.14.1. |
CVE-2024-43151 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS. This issue affects Ultimate Addons for Beaver Builder… |
Cayin Technology · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7729 | High | 7.5 | — | 2024-08-14 | The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. |
CVE-2024-7728 | High | 7.2 | — | 2024-08-14 | The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server. |
Codeastro · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7815 | Low | 2.4 | — | 2024-08-15 | A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. |
CVE-2024-7814 | Low | 2.4 | — | 2024-08-15 | A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. |
Concrete Cms · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7512 | Medium | 4.8 | — | 2024-08-12 | Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. |
CVE-2024-4350 | Medium | 4.8 | — | 2024-08-12 | Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. |
Cordea · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42476 | Medium | 6.5 | — | 2024-08-15 | In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session ass… |
CVE-2024-42475 | Medium | 6.5 | — | 2024-08-15 | In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. |
Directus · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6533 | Medium | 5.4 | — | 2024-08-15 | Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. |
CVE-2024-6534 | Medium | 4.3 | — | 2024-08-15 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. |
Elastic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37287 | Critical | 9.1 | — | 2024-08-13 | A flaw allowing arbitrary code execution was discovered in Kibana. |
CVE-2024-37283 | Medium | 6.5 | — | 2024-08-12 | An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. |
Firewalla · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-40892 | High | 7.1 | — | 2024-08-12 | A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. |
CVE-2024-40893 | Medium | 6.8 | — | 2024-08-12 | Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. |
Fujian · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7706 | Medium | 4.7 | — | 2024-08-12 | A vulnerability was found in Fujian mwcms 1.0.0. |
CVE-2024-7705 | Medium | 4.7 | — | 2024-08-12 | A vulnerability was found in Fujian mwcms 1.0.0. |
Isellerpal · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42676 | High | 8.8 | — | 2024-08-15 | File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. |
CVE-2024-42677 | Medium | 5.5 | — | 2024-08-15 | An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. |
Linux · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42259 | Medium | 5.5 | — | 2024-08-14 | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual siz… |
CVE-2024-42258 | Medium | 5.5 | — | 2024-08-12 | In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge pag… |
Mitel · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36446 | High | 8.8 | — | 2024-08-13 | The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. |
CVE-2024-41710 | High | 7.2 | KEV | 2024-08-12 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argum… |
Phoenix Contact · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6788 | High | 8.6 | — | 2024-08-13 | A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. |
CVE-2024-3913 | Medium | 5.9 | — | 2024-08-13 | An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. |
Pickplugins · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43155 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS. This issue affects ComboBlocks: from n/a through 2.2.86. |
CVE-2024-7588 | Medium | 6.4 | — | 2024-08-14 | The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and out… |
Secom · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7732 | Critical | 9.8 | — | 2024-08-14 | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. |
CVE-2024-7731 | Critical | 9.8 | — | 2024-08-14 | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. |
Wpmet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7064 | Medium | 6.4 | — | 2024-08-15 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. |
CVE-2024-7063 | Medium | 4.3 | — | 2024-08-15 | The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. |
Wpopal · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7649 | Medium | 6.1 | — | 2024-08-12 | The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. |
CVE-2024-7648 | Medium | 4.3 | — | 2024-08-12 | The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. |
Yzane · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7739 | Medium | 4.3 | — | 2024-08-13 | A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. |
CVE-2024-7738 | Low | 3.3 | — | 2024-08-13 | A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43220 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.26. |
3dflipbook · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43152 | Medium | 5.9 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS. This issue affects 3D FlipBook – PDF Flipb… |
Addonmaster · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43156 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS. This issue affects Post Grid Master: from n/a through 3.4.10. |
Admerc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7794 | Medium | 6.3 | — | 2024-08-14 | A vulnerability was found in itsourcecode Vehicle Management System 1.0. |
Aiohttp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42367 | Medium | 4.8 | — | 2024-08-12 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. |
Airveda · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7408 | Medium | 6.5 | — | 2024-08-12 | This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. |
Amttgroup · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-41476 | Critical | 9.8 | — | 2024-08-12 | AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php. |
Anhvnit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37935 | High | 7.5 | — | 2024-08-13 | Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce OpenPos: from n/a through 6.4.4. |
Annke · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39091 | High | 8.8 | — | 2024-08-12 | An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request. |
Axios · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39338 | High | 7.5 | — | 2024-08-12 | axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. |
Axtonyao · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6639 | Medium | 6.4 | — | 2024-08-12 | The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied att… |
B&r Industrial Automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5801 | — | — | — | 2024-08-12 | Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by routing IP-based packets through the host, potentially bypassing firewall, router, or NAC filterin… |
Bannersky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43233 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8. |
Basecamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43368 | Medium | 6.5 | — | 2024-08-14 | The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. |
Berqwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43160 | Critical | 10.0 | — | 2024-08-13 | Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection. This issue affects BerqWP: from n/a through 1.7.6. |
Blockspare · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43164 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.0. |
Boa-dev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43367 | High | 7.5 | — | 2024-08-15 | Boa is an embeddable and experimental Javascript engine written in Rust. |
Bplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43148 | Medium | 5.9 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins StreamCast allows Stored XSS. This issue affects StreamCast: from n/a through 2.2.3. |
Br-automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5800 | High | 7.5 | — | 2024-08-12 | Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication. |
Canonical · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0115 | Medium | 6.1 | — | 2024-08-12 | NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. |
Celsius Benelux · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27120 | High | 7.5 | — | 2024-08-14 | A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. |
Clastix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42480 | High | 8.1 | — | 2024-08-12 | Kamaji is the Hosted Control Plane Manager for Kubernetes. |
Codersaiful · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6532 | Medium | 6.4 | — | 2024-08-14 | The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization… |
Comesio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7630 | Medium | 5.3 | — | 2024-08-16 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 (Free) and 2.25.1 (Premium) via the relevanssi_do_query() due to insufficient limitations on the posts… |
Contrid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7411 | Medium | 5.3 | — | 2024-08-15 | The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. |
Creativemindssolutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43149 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS. This issue affects CM Tooltip Glossary: from n/a through 4.3.7. |
Cservit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6562 | Medium | 5.3 | — | 2024-08-12 | The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. |
Cyberfoxdigital · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7574 | Medium | 6.1 | — | 2024-08-12 | The Christmasify! |
D3dsecurity · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-41623 | Critical | 9.8 | — | 2024-08-13 | An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload. |
David Maucher · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38760 | Medium | 5.3 | — | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Send Users Email: from n/a through 1.5.1. |
Davidlingren · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6823 | High | 8.8 | — | 2024-08-13 | The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. |
Debian · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42472 | Critical | 10.0 | — | 2024-08-15 | Flatpak is a Linux application sandboxing and distribution framework. |
Dell · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38483 | Medium | 5.8 | — | 2024-08-14 | Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. |
Devikia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7790 | Medium | 6.5 | — | 2024-08-14 | A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. |
Dotcamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43125 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder – WordPress Table Plugin allows Stored XSS. This issue affects WP Table Builder – WordPress Table… |
Dylanjkotze · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7624 | High | 8.1 | — | 2024-08-15 | The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. |
Edgarrojas · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7414 | Medium | 5.3 | — | 2024-08-12 | The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. |
Edimax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7616 | Medium | 5.5 | — | 2024-08-12 | A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. |
Elabftw · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25633 | Medium | 5.4 | — | 2024-08-15 | eLabFTW is an open source electronic lab notebook for research labs. |
Ericsson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25008 | Medium | 6.8 | — | 2024-08-16 | Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. |
Esthertyler · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7410 | Medium | 5.3 | — | 2024-08-12 | The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. |
F1logic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7420 | Medium | 5.8 | — | 2024-08-15 | The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. |
Ffmpeg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7272 | Medium | 6.3 | — | 2024-08-12 | A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. |
Fish-shop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42482 | Medium | 4.8 | — | 2024-08-12 | fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. |
Fortra · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25157 | Medium | 6.5 | — | 2024-08-14 | An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. |
G5plus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43140 | High | 7.5 | — | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor… |
Ge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6098 | Medium | 5.3 | — | 2024-08-16 | When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulate… |
Gfazioli · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7388 | Medium | 4.0 | — | 2024-08-13 | The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. |
Gila · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7657 | Low | 3.5 | — | 2024-08-12 | A vulnerability classified as problematic was found in Gila CMS 1.10.9. |
Gravitymaster97 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7049 | Medium | 4.3 | — | 2024-08-16 | The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user contro… |
Gst Electronics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6684 | — | — | — | 2024-08-12 | Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. |
Guillaumepotier · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43370 | High | 7.2 | — | 2024-08-16 | gettext.js is a GNU gettext port for node and the browser. |
Gunet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38530 | Critical | 9.8 | — | 2024-08-12 | The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7625 | Medium | 5.8 | — | 2024-08-15 | In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive hea… |
Havocframework · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-41570 | Critical | 9.8 | — | 2024-08-12 | An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server. |
Hitpay Payment Solutions Pte Ltd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38747 | High | 7.5 | — | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects HitPay P… |
Humanityco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-3399 | Medium | 4.4 | — | 2024-08-16 | The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient inp… |
Ibexa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43369 | High | 7.2 | — | 2024-08-16 | Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. |
Inspireui · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7628 | High | 8.1 | — | 2024-08-15 | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. |
Iptanus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7301 | High | 7.2 | — | 2024-08-16 | The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. |
Iqonic Design · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43124 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS. This issue affects Graphina: from n/a through 1.8.10. |
Itsourcecode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7838 | High | 7.3 | — | 2024-08-15 | A vulnerability was found in itsourcecode Online Food Ordering System 1.0. |
Javier Carazo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38787 | High | 7.5 | — | 2024-08-13 | Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta. This issue affects Import and export users and customers: from n/a through <= 1.26.8. |
Jeroen Sormani · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43226 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS. This issue affects WP Dashboard Notes: from n/a through 1.0.11. |
Jfarthing84 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7422 | Medium | 4.3 | — | 2024-08-16 | The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. |
Kubernetes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7646 | High | 8.8 | — | 2024-08-16 | A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the c… |
La-studio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43210 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a t… |
Libtiff · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7006 | High | 7.5 | — | 2024-08-12 | A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. |
Litestar-org · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42370 | High | 8.3 | — | 2024-08-12 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. |
Mage-people · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43138 | Medium | 6.5 | — | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion. This issue affects Event Manager for WooCommerce: from n/a throug… |
Magic-post-thumbnail · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6724 | Medium | 4.8 | — | 2024-08-13 | The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil… |
Matter-labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43366 | High | 7.5 | — | 2024-08-15 | zkvyper is a Vyper compiler. |
Mbe Worldwide S.p.a. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38742 | Medium | 5.3 | — | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. |
Mcjack123 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43395 | High | 8.2 | — | 2024-08-16 | CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. |
Meddiff Technologies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2259 | — | — | — | 2024-08-13 | This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. |
Mediatek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-20082 | Critical | 9.8 | — | 2024-08-14 | In Modem, there is a possible memory corruption due to a missing bounds check. |
Mediavine · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43218 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mediavine Mediavine Control Panel mediavine-control-panel. This issue affects Mediavine Control Panel: from n/a through <= 2.10.4. |
Merkulove · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43147 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS. This issue affects Selection Lite: from n/a through 1.11. |
Mintplex-labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3279 | Critical | 9.1 | — | 2024-08-12 | An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. |
Mongodb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6384 | Medium | 5.3 | — | 2024-08-13 | "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. |
Muhammad Rehman · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38724 | High | 7.1 | — | 2024-08-13 | Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS. This issue affects Contact F… |
Multivendorx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43213 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS. This issue affects WC Marketplace: from n/a through 4.1.17. |
N-able · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5445 | Low | 3.8 | — | 2024-08-12 | Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent an… |
Neovim · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43374 | Medium | 4.5 | — | 2024-08-16 | The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. |
Nissan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6347 | Medium | 6.5 | — | 2024-08-15 | Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. |
Nixos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43378 | High | 7.8 | — | 2024-08-16 | calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. |
Nvidia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0113 | High | 7.5 | — | 2024-08-12 | NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. |
Olive Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38749 | Medium | 5.3 | — | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a t… |
Open-telemetry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42368 | Medium | 6.5 | — | 2024-08-13 | OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. |
Openfga · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42473 | High | 7.5 | — | 2024-08-12 | OpenFGA is an authorization/permission engine. |
Opentext · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7249 | Critical | 9.8 | — | 2024-08-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal. This issue affects OpenText Directory Services: from 16.4.2 before 24.1. |
Parcel Panel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43163 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS. This issue affects ParcelPanel: from n/a through 4.3.2. |
Pierre Lebedel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43217 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0. |
Pluginus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43121 | Critical | 9.1 | — | 2024-08-13 | Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation. This issue affects HUSKY: from n/a through 1.3.6.1. |
Prison_management_system_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7813 | Medium | 5.3 | — | 2024-08-15 | A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. |
Pxlrbt · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42485 | High | 7.5 | — | 2024-08-12 | Filament Excel enables excel export for Filament admin resources. |
Pylons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42353 | Medium | 6.1 | — | 2024-08-14 | WebOb provides objects for HTTP requests and responses. |
Qnap · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32765 | Medium | 4.2 | — | 2024-08-12 | A vulnerability has been reported to affect Network & Virtual Switch. |
Rabilal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7094 | Critical | 9.8 | — | 2024-08-13 | The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. |
Raidenmaild · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7693 | High | 7.5 | — | 2024-08-12 | Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary files on the remote server. |
Rashid87 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43165 | Medium | 6.5 | — | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion. This issue affects WPSection: from n/a through 1.3.8. |
Roland Barker, Xnau Webdesign · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43141 | Critical | 9.8 | — | 2024-08-13 | Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection. This issue affects Participants Database: from n/a through 2.5.9.2. |
Samsung · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7399 | High | 8.8 | KEV | 2024-08-12 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary files as system authority. |
Scooter Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7886 | High | 7.8 | — | 2024-08-16 | A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. |
Sender · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43126 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS. This issue affects Sender – Ne… |
Skyport · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42481 | High | 7.5 | — | 2024-08-12 | Skyport Daemon (skyportd) is the daemon for the Skyport Panel. |
Solarwinds · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28986 | Critical | 9.8 | KEV | 2024-08-13 | SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. |
Soliloquy Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35775 | Medium | 5.9 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS). This issue affects Slider by Soliloq… |
Sprecher Automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6758 | Medium | 6.5 | — | 2024-08-12 | Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments. |
Tc39 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43357 | High | 8.6 | — | 2024-08-15 | ECMA-262 is the language specification for the scripting language ECMAScript. |
Teamt5 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7694 | High | 7.2 | KEV | 2024-08-12 | ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. |
Techeshta · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43123 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS. This issue affects Card Elements for Elementor: from n/a through 1.2.2. |
Tecno · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7697 | High | 7.5 | — | 2024-08-12 | Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. |
Theme-sphere · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37930 | Medium | 5.3 | — | 2024-08-12 | Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine. This issue affects SmartMag: from n/a through < 10.1.0. |
Themelooks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43225 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.7. |
Themeum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43231 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.3. |
Themewinter · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43135 | High | 7.5 | — | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.28. |
Themify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43133 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.1. |
Thimpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39642 | Medium | 6.5 | — | 2024-08-13 | Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LearnPress: from n/a through 4.2.6.8.2. |
Tiptoppress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6158 | Medium | 4.8 | — | 2024-08-12 | The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/p… |
Traccar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7746 | Critical | 9.8 | — | 2024-08-13 | Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. This issue affects the privileged transactions implemented by the Traccar solution that should otherwi… |
Tradedoubler · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6460 | Critical | 9.8 | — | 2024-08-16 | The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. |
Veribase · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6917 | Critical | 9.8 | — | 2024-08-12 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. |
Wapppress Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43137 | Medium | 5.9 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS. This issue affects WappPress: from n/a through 6.0.4. |
Wc Product Table · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43128 | Medium | 6.5 | — | 2024-08-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection. This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1. |
Weaver · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7704 | Medium | 5.3 | — | 2024-08-12 | A vulnerability was found in Weaver e-cology 8. |
Weblizar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38756 | Medium | 5.3 | — | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coming Soon: from n/a through 1.6.3. |
Wofficeio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43153 | Critical | 9.8 | — | 2024-08-13 | Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice. This issue affects Woffice: from n/a through <= 5.4.10. |
Wp Chill · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43216 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Filr filr-protection. This issue affects Filr: from n/a through <= 1.2.4. |
Wp Swings · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-38699 | High | 7.5 | — | 2024-08-13 | Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. |
Wp2speed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-37924 | Medium | 5.3 | — | 2024-08-12 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP2Speed Faster: from n/a through 1.0.1. |
Wpcodefactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7501 | Medium | 4.2 | — | 2024-08-16 | The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. |
Wpfactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-43127 | High | 7.1 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS. This issue affects Products, Order & Customers E… |
Wpfeedback · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7621 | Medium | 5.4 | — | 2024-08-12 | The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all ver… |
Wpxpro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-43150 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2. |
Wurmlab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-42360 | Critical | 9.8 | — | 2024-08-14 | SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. |
Xwiki · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-42489 | Critical | 10.0 | — | 2024-08-12 | Pro Macros provides XWiki rendering macros. |
Yogeshojha · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-43381 | Medium | 5.0 | — | 2024-08-16 | reNgine is an automated reconnaissance framework for web applications. |
Yuri Baranov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-43224 | Medium | 6.5 | — | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.27. |
Zoho Campaigns · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-38752 | Medium | 6.5 | — | 2024-08-13 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS). This issue affects Zoho Campaigns: from n/a through 2.0.8. |