Patch Tuesday — October 2024
2024-10-08 · 720 CVEs
CVEs published or modified the week of 2024-10-08, partitioned by vendor.
Microsoft (148 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-43468 | Critical | 9.8 | KEV | 2024-10-08 | Microsoft Configuration Manager Remote Code Execution Vulnerability |
| CVE-2024-38124 | Critical | 9.0 | — | 2024-10-08 | Windows Netlogon Elevation of Privilege Vulnerability |
| CVE-2024-43611 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43608 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43607 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43599 | High | 8.8 | — | 2024-10-08 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2024-43593 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43592 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43589 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43564 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43549 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43533 | High | 8.8 | — | 2024-10-08 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2024-43532 | High | 8.8 | — | 2024-10-08 | Remote Registry Service Elevation of Privilege Vulnerability |
| CVE-2024-43519 | High | 8.8 | — | 2024-10-08 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-43518 | High | 8.8 | — | 2024-10-08 | Windows Telephony Server Remote Code Execution Vulnerability |
| CVE-2024-43517 | High | 8.8 | — | 2024-10-08 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability |
| CVE-2024-43488 | High | 8.8 | — | 2024-10-08 | Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. |
| CVE-2024-43453 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38265 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38212 | High | 8.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38179 | High | 8.8 | — | 2024-10-08 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability |
| CVE-2024-43591 | High | 8.7 | — | 2024-10-08 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2024-43497 | High | 8.4 | — | 2024-10-08 | DeepSpeed Remote Code Execution Vulnerability |
| CVE-2024-43574 | High | 8.3 | — | 2024-10-08 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability |
| CVE-2024-45720 | High | 8.2 | — | 2024-10-09 | On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and exec… |
| CVE-2024-43582 | High | 8.1 | — | 2024-10-08 | Remote Desktop Protocol Server Remote Code Execution Vulnerability |
| CVE-2024-38229 | High | 8.1 | — | 2024-10-08 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-30092 | High | 8.0 | — | 2024-10-08 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-47425 | High | 7.8 | — | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47424 | High | 7.8 | — | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47423 | High | 7.8 | — | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. |
| CVE-2024-47422 | High | 7.8 | — | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. |
| CVE-2024-47421 | High | 7.8 | — | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
| CVE-2024-45137 | High | 7.8 | — | 2024-10-09 | InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. |
| CVE-2024-45136 | High | 7.8 | — | 2024-10-09 | InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. |
| CVE-2024-45152 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45144 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45143 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45142 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. |
| CVE-2024-45141 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45140 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45139 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45138 | High | 7.8 | — | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47418 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47417 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47416 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47415 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47414 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47413 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47412 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47411 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-47410 | High | 7.8 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45150 | High | 7.8 | — | 2024-10-09 | Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-45146 | High | 7.8 | — | 2024-10-09 | Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-43616 | High | 7.8 | — | 2024-10-08 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-43601 | High | 7.8 | — | 2024-10-08 | Visual Studio Code for Linux Remote Code Execution Vulnerability |
| CVE-2024-43590 | High | 7.8 | — | 2024-10-08 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability |
| CVE-2024-43583 | High | 7.8 | — | 2024-10-08 | Winlogon Elevation of Privilege Vulnerability |
| CVE-2024-43576 | High | 7.8 | — | 2024-10-08 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-43572 | High | 7.8 | KEV | 2024-10-08 | Microsoft Management Console Remote Code Execution Vulnerability |
| CVE-2024-43563 | High | 7.8 | — | 2024-10-08 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2024-43560 | High | 7.8 | — | 2024-10-08 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability |
| CVE-2024-43556 | High | 7.8 | — | 2024-10-08 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-43551 | High | 7.8 | — | 2024-10-08 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-43528 | High | 7.8 | — | 2024-10-08 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-43527 | High | 7.8 | — | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43516 | High | 7.8 | — | 2024-10-08 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-43514 | High | 7.8 | — | 2024-10-08 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2024-43509 | High | 7.8 | — | 2024-10-08 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-43505 | High | 7.8 | — | 2024-10-08 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-43504 | High | 7.8 | — | 2024-10-08 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-43503 | High | 7.8 | — | 2024-10-08 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2024-43501 | High | 7.8 | — | 2024-10-08 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-38261 | High | 7.8 | — | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43584 | High | 7.7 | — | 2024-10-08 | Windows Scripting Engine Security Feature Bypass Vulnerability |
| CVE-2024-43575 | High | 7.5 | — | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43567 | High | 7.5 | — | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43565 | High | 7.5 | — | 2024-10-08 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-43562 | High | 7.5 | — | 2024-10-08 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-43545 | High | 7.5 | — | 2024-10-08 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| CVE-2024-43544 | High | 7.5 | — | 2024-10-08 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability |
| CVE-2024-43541 | High | 7.5 | — | 2024-10-08 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability |
| CVE-2024-43521 | High | 7.5 | — | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43515 | High | 7.5 | — | 2024-10-08 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability |
| CVE-2024-43506 | High | 7.5 | — | 2024-10-08 | BranchCache Denial of Service Vulnerability |
| CVE-2024-43485 | High | 7.5 | — | 2024-10-08 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-43484 | High | 7.5 | — | 2024-10-08 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| CVE-2024-43483 | High | 7.5 | — | 2024-10-08 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| CVE-2024-38262 | High | 7.5 | — | 2024-10-08 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38149 | High | 7.5 | — | 2024-10-08 | BranchCache Denial of Service Vulnerability |
| CVE-2024-38129 | High | 7.5 | — | 2024-10-08 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-38029 | High | 7.5 | — | 2024-10-08 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability |
| CVE-2024-43610 | High | 7.4 | — | 2024-10-09 | Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through network attack vector. |
| CVE-2024-43553 | High | 7.4 | — | 2024-10-08 | NT OS Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43550 | High | 7.4 | — | 2024-10-08 | Windows Secure Channel Spoofing Vulnerability |
| CVE-2024-43552 | High | 7.3 | — | 2024-10-08 | Windows Shell Remote Code Execution Vulnerability |
| CVE-2024-43529 | High | 7.3 | — | 2024-10-08 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2024-43615 | High | 7.1 | — | 2024-10-08 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability |
| CVE-2024-43581 | High | 7.1 | — | 2024-10-08 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability |
| CVE-2024-43502 | High | 7.1 | — | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38097 | High | 7.1 | — | 2024-10-08 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-20659 | High | 7.1 | — | 2024-10-08 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2024-43535 | High | 7.0 | — | 2024-10-08 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-43522 | High | 7.0 | — | 2024-10-08 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
| CVE-2024-43511 | High | 7.0 | — | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43612 | Medium | 6.9 | — | 2024-10-08 | Power BI Report Server Spoofing Vulnerability |
| CVE-2024-43543 | Medium | 6.8 | — | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43536 | Medium | 6.8 | — | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43526 | Medium | 6.8 | — | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43525 | Medium | 6.8 | — | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43524 | Medium | 6.8 | — | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43523 | Medium | 6.8 | — | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-37983 | Medium | 6.7 | — | 2024-10-08 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability |
| CVE-2024-37982 | Medium | 6.7 | — | 2024-10-08 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability |
| CVE-2024-37979 | Medium | 6.7 | — | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-37976 | Medium | 6.7 | — | 2024-10-08 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability |
| CVE-2024-43480 | Medium | 6.6 | — | 2024-10-08 | Azure Service Fabric for Linux Remote Code Execution Vulnerability |
| CVE-2024-43609 | Medium | 6.5 | — | 2024-10-08 | Microsoft Office Spoofing Vulnerability |
| CVE-2024-43573 | Medium | 6.5 | KEV | 2024-10-08 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-43561 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43559 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43558 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43557 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43555 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43547 | Medium | 6.5 | — | 2024-10-08 | Windows Kerberos Information Disclosure Vulnerability |
| CVE-2024-43542 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43540 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43538 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43537 | Medium | 6.5 | — | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43534 | Medium | 6.5 | — | 2024-10-08 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2024-43512 | Medium | 6.5 | — | 2024-10-08 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2024-43481 | Medium | 6.5 | — | 2024-10-08 | Power BI Report Server Spoofing Vulnerability |
| CVE-2024-43570 | Medium | 6.4 | — | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43513 | Medium | 6.4 | — | 2024-10-08 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-43604 | Medium | 5.7 | — | 2024-10-08 | Outlook for Android Elevation of Privilege Vulnerability |
| CVE-2024-43571 | Medium | 5.6 | — | 2024-10-08 | Sudo for Windows Spoofing Vulnerability |
| CVE-2024-43546 | Medium | 5.6 | — | 2024-10-08 | Windows Cryptographic Information Disclosure Vulnerability |
| CVE-2024-9469 | Medium | 5.5 | — | 2024-10-09 | A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. |
| CVE-2024-47420 | Medium | 5.5 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-47419 | Medium | 5.5 | — | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-43614 | Medium | 5.5 | — | 2024-10-08 | Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. |
| CVE-2024-43603 | Medium | 5.5 | — | 2024-10-08 | Visual Studio Collector Service Denial of Service Vulnerability |
| CVE-2024-43585 | Medium | 5.5 | — | 2024-10-08 | Code Integrity Guard Security Feature Bypass Vulnerability |
| CVE-2024-43554 | Medium | 5.5 | — | 2024-10-08 | Windows Kernel-Mode Driver Information Disclosure Vulnerability |
| CVE-2024-43508 | Medium | 5.5 | — | 2024-10-08 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2024-43500 | Medium | 5.5 | — | 2024-10-08 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability |
| CVE-2024-43520 | Medium | 5.0 | — | 2024-10-08 | Windows Kernel Denial of Service Vulnerability |
| CVE-2024-43456 | Medium | 4.8 | — | 2024-10-08 | Windows Remote Desktop Services Tampering Vulnerability |
Other vendors (572 CVEs across 175 vendors)
N/a · 82 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48784 | Critical | 9.8 | — | 2024-10-11 | An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-46532 | Critical | 9.8 | — | 2024-10-11 | SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. |
CVE-2024-46088 | Critical | 9.8 | — | 2024-10-11 | An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. |
CVE-2024-42640 | Critical | 9.8 | — | 2024-10-11 | angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. |
CVE-2024-21534 | Critical | 9.8 | — | 2024-10-11 | All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. |
CVE-2024-45746 | Critical | 9.8 | — | 2024-10-09 | An issue was discovered in Trusted Firmware-M through 2.1.0. |
CVE-2024-25825 | Critical | 9.8 | — | 2024-10-09 | FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. |
CVE-2024-45918 | Critical | 9.8 | — | 2024-10-08 | Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. |
CVE-2024-44349 | Critical | 9.8 | — | 2024-10-08 | A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. |
CVE-2024-45874 | Critical | 9.8 | — | 2024-10-07 | A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. |
CVE-2024-45873 | Critical | 9.8 | — | 2024-10-07 | A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. |
CVE-2024-46076 | Critical | 9.8 | — | 2024-10-07 | RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. |
CVE-2024-48772 | Critical | 9.1 | — | 2024-10-11 | An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-48787 | Critical | 9.1 | — | 2024-10-11 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-48786 | Critical | 9.1 | — | 2024-10-11 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-48778 | Critical | 9.1 | — | 2024-10-11 | An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-48769 | Critical | 9.1 | — | 2024-10-11 | An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. |
CVE-2024-44730 | Critical | 9.1 | — | 2024-10-11 | Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. |
CVE-2023-46586 | Critical | 9.1 | — | 2024-10-09 | cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused. |
CVE-2024-45160 | Critical | 9.1 | — | 2024-10-09 | Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). |
CVE-2024-44414 | High | 8.8 | — | 2024-10-11 | A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. |
CVE-2024-44413 | High | 8.8 | — | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. |
CVE-2024-48827 | High | 8.8 | — | 2024-10-11 | An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. |
CVE-2024-48813 | High | 8.8 | — | 2024-10-11 | SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. |
CVE-2024-46041 | High | 8.8 | — | 2024-10-07 | IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. |
CVE-2024-35522 | High | 8.4 | — | 2024-10-11 | Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. |
CVE-2024-35517 | High | 8.4 | — | 2024-10-11 | Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. |
CVE-2023-37154 | High | 8.4 | — | 2024-10-09 | check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. |
CVE-2024-46278 | High | 8.4 | — | 2024-10-07 | Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. |
CVE-2024-48770 | High | 8.2 | — | 2024-10-11 | An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-46539 | High | 8.2 | — | 2024-10-08 | Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). |
CVE-2024-44068 | High | 8.1 | — | 2024-10-07 | An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. |
CVE-2024-45880 | High | 8.0 | — | 2024-10-08 | A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. |
CVE-2024-35288 | High | 7.8 | — | 2024-10-09 | Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. |
CVE-2024-42018 | High | 7.7 | — | 2024-10-11 | An issue was discovered in Atos Eviden SMC xScale before 1.6.6. |
CVE-2024-48938 | High | 7.5 | — | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. |
CVE-2024-48788 | High | 7.5 | — | 2024-10-11 | An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-48777 | High | 7.5 | — | 2024-10-11 | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-48776 | High | 7.5 | — | 2024-10-11 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process |
CVE-2024-48775 | High | 7.5 | — | 2024-10-11 | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. |
CVE-2024-48774 | High | 7.5 | — | 2024-10-11 | An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. |
CVE-2024-48773 | High | 7.5 | — | 2024-10-11 | An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process |
CVE-2024-48771 | High | 7.5 | — | 2024-10-11 | An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process |
CVE-2024-48768 | High | 7.5 | — | 2024-10-11 | An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process |
CVE-2024-44734 | High | 7.5 | — | 2024-10-11 | Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. |
CVE-2024-44729 | High | 7.5 | — | 2024-10-11 | Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. |
CVE-2024-46307 | High | 7.5 | — | 2024-10-09 | A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. |
CVE-2024-46304 | High | 7.5 | — | 2024-10-09 | A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. |
CVE-2024-46292 | High | 7.5 | — | 2024-10-09 | A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. |
CVE-2024-25885 | High | 7.5 | — | 2024-10-08 | An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. |
CVE-2024-21532 | High | 7.3 | — | 2024-10-08 | All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed… |
CVE-2024-45754 | High | 7.2 | — | 2024-10-11 | An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. |
CVE-2024-47191 | High | 7.1 | — | 2024-10-09 | pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. |
CVE-2024-38818 | Medium | 6.7 | — | 2024-10-09 | VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. |
CVE-2024-38817 | Medium | 6.7 | — | 2024-10-09 | VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. |
CVE-2024-48987 | Medium | 6.6 | — | 2024-10-11 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. |
CVE-2024-45933 | Medium | 6.6 | — | 2024-10-07 | OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. |
CVE-2024-46215 | Medium | 6.5 | — | 2024-10-11 | A vulnerability was discovered in KM08-708H-v1.1. There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; the strcpy function is executed without checking the length of the string, leading to a buffer… |
CVE-2024-44415 | Medium | 6.5 | — | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1. There is a buffer overflow in the dbsrv_asp function; the strcpy function is executed without checking the length of the string, leading to a buffer overflow. |
CVE-2023-45872 | Medium | 6.5 | — | 2024-10-09 | An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. |
CVE-2023-45359 | Medium | 6.5 | — | 2024-10-09 | An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. |
CVE-2024-21533 | Medium | 6.5 | — | 2024-10-08 | All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. |
CVE-2024-45919 | Medium | 6.5 | — | 2024-10-07 | A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. |
CVE-2024-46040 | Medium | 6.5 | — | 2024-10-07 | IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. |
CVE-2024-45184 | Medium | 6.2 | — | 2024-10-11 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. |
CVE-2024-48937 | Medium | 6.1 | — | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. |
CVE-2023-45361 | Medium | 6.1 | — | 2024-10-09 | An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. |
CVE-2024-42831 | Medium | 6.1 | — | 2024-10-07 | A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter… |
CVE-2024-48942 | Medium | 5.9 | — | 2024-10-10 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. |
CVE-2024-46325 | Medium | 5.5 | — | 2024-10-07 | TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. |
CVE-2024-48941 | Medium | 5.4 | — | 2024-10-10 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. |
CVE-2024-46237 | Medium | 5.4 | — | 2024-10-09 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. |
CVE-2024-44807 | Medium | 5.3 | — | 2024-10-11 | A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. |
CVE-2024-42934 | Medium | 5.0 | — | 2024-10-09 | OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. |
CVE-2024-36814 | Medium | 4.9 | — | 2024-10-08 | An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. |
CVE-2024-46410 | Medium | 4.8 | — | 2024-10-08 | PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature. |
CVE-2024-45932 | Medium | 4.8 | — | 2024-10-07 | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. |
CVE-2024-44731 | Medium | 4.7 | — | 2024-10-11 | Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections. |
CVE-2024-38815 | Medium | 4.3 | — | 2024-10-09 | VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. |
CVE-2024-42988 | Medium | 4.3 | — | 2024-10-09 | Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility setting… |
CVE-2023-36325 | Low | 3.7 | — | 2024-10-09 | i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior… |
CVE-2024-27457 | Low | 2.5 | — | 2024-10-08 | Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access. |
Juniper · 28 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47490 | High | 8.2 | — | 2024-10-11 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause i… |
CVE-2024-47504 | High | 7.5 | — | 2024-10-11 | An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). |
CVE-2024-47502 | High | 7.5 | — | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). |
CVE-2024-47499 | High | 7.5 | — | 2024-10-11 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (Do… |
CVE-2024-47497 | High | 7.5 | — | 2024-10-11 | An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS… |
CVE-2024-39547 | High | 7.5 | — | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine… |
CVE-2024-39525 | High | 7.5 | — | 2024-10-09 | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd… |
CVE-2024-39516 | High | 7.5 | — | 2024-10-09 | An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to cra… |
CVE-2024-39515 | High | 7.5 | — | 2024-10-09 | An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP p… |
CVE-2024-39563 | High | 7.3 | — | 2024-10-11 | A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote com… |
CVE-2024-47495 | Medium | 6.7 | — | 2024-10-11 | An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved… |
CVE-2024-47509 | Medium | 6.5 | — | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial… |
CVE-2024-47508 | Medium | 6.5 | — | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial… |
CVE-2024-47505 | Medium | 6.5 | — | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial… |
CVE-2024-47503 | Medium | 6.5 | — | 2024-10-11 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Den… |
CVE-2024-47498 | Medium | 6.5 | — | 2024-10-11 | An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). |
CVE-2024-47493 | Medium | 6.5 | — | 2024-10-11 | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause… |
CVE-2024-39526 | Medium | 6.5 | — | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos O… |
CVE-2024-47506 | Medium | 5.9 | — | 2024-10-11 | A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
CVE-2024-47494 | Medium | 5.9 | — | 2024-10-11 | A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the… |
CVE-2024-47491 | Medium | 5.9 | — | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). |
CVE-2024-47507 | Medium | 5.8 | — | 2024-10-11 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to… |
CVE-2024-47489 | Medium | 5.8 | — | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit pr… |
CVE-2024-47501 | Medium | 5.5 | — | 2024-10-11 | A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to caus… |
CVE-2024-47496 | Medium | 5.5 | — | 2024-10-11 | A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). |
CVE-2024-39527 | Medium | 5.5 | — | 2024-10-11 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the… |
CVE-2024-39534 | Medium | 5.4 | — | 2024-10-11 | An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and bro… |
CVE-2024-39544 | Medium | 5.0 | — | 2024-10-11 | An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive inform… |
Siemens · 28 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47553 | Critical | 9.9 | — | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
CVE-2024-41798 | Critical | 9.8 | — | 2024-10-08 | A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). |
CVE-2024-47562 | High | 8.8 | — | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
CVE-2023-52952 | High | 8.5 | — | 2024-10-08 | A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (A… |
CVE-2024-47046 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). |
CVE-2024-45475 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45474 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45473 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45472 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45471 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45470 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45469 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45468 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45467 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45466 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45465 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45464 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-45463 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-41981 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). |
CVE-2024-41902 | High | 7.8 | — | 2024-10-08 | A vulnerability has been identified in JT2Go (All versions < V2406.0003). |
CVE-2024-47196 | Medium | 6.7 | — | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). |
CVE-2024-47195 | Medium | 6.7 | — | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). |
CVE-2024-47194 | Medium | 6.7 | — | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). |
CVE-2024-47563 | Medium | 5.3 | — | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
CVE-2024-46887 | Medium | 5.3 | — | 2024-10-08 | The web server of affected devices does not properly authenticate user requests to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. |
CVE-2024-46886 | Medium | 4.7 | — | 2024-10-08 | The web server of affected devices does not properly validate input that is used for a user redirection. |
CVE-2024-47565 | Medium | 4.3 | — | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
CVE-2024-45476 | Low | 3.3 | — | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
Adobe · 25 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45115 | Critical | 9.8 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. |
CVE-2024-45148 | High | 8.8 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. |
CVE-2024-45116 | High | 8.1 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. |
CVE-2024-45117 | High | 7.6 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. |
CVE-2024-45132 | Medium | 6.5 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. |
CVE-2024-45118 | Medium | 6.5 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-45123 | Medium | 6.1 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-45145 | Medium | 5.5 | — | 2024-10-09 | Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-20787 | Medium | 5.5 | — | 2024-10-09 | Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-45131 | Medium | 5.4 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-45128 | Medium | 5.4 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-45153 | Medium | 5.4 | — | 2024-10-07 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-45124 | Medium | 5.3 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-45119 | Medium | 4.9 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. |
CVE-2024-45127 | Medium | 4.8 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-45130 | Medium | 4.3 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-45129 | Medium | 4.3 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. |
CVE-2024-45125 | Medium | 4.3 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. |
CVE-2024-45122 | Medium | 4.3 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-45121 | Medium | 4.3 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-45120 | Low | 3.1 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. |
CVE-2024-45149 | Low | 2.7 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-45135 | Low | 2.7 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-45134 | Low | 2.7 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. |
CVE-2024-45133 | Low | 2.7 | — | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. |
Google · 24 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-20103 | Critical | 9.8 | — | 2024-10-07 | In wlan firmware, there is a possible out of bounds write due to improper input validation. |
CVE-2024-20101 | Critical | 9.8 | — | 2024-10-07 | In wlan driver, there is a possible out of bounds write due to improper input validation. |
CVE-2024-20100 | Critical | 9.8 | — | 2024-10-07 | In wlan driver, there is a possible out of bounds write due to improper input validation. |
CVE-2024-9859 | High | 8.8 | — | 2024-10-11 | Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
CVE-2024-9603 | High | 8.8 | — | 2024-10-08 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-9602 | High | 8.8 | — | 2024-10-08 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2024-20092 | High | 7.8 | — | 2024-10-07 | In vdec, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-8912 | High | 7.5 | — | 2024-10-11 | An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. |
CVE-2024-20099 | Medium | 6.7 | — | 2024-10-07 | In power, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-20098 | Medium | 6.7 | — | 2024-10-07 | In power, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-20090 | Medium | 6.7 | — | 2024-10-07 | In vdec, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-39438 | Medium | 6.5 | — | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. |
CVE-2024-39437 | Medium | 6.5 | — | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. |
CVE-2024-39436 | Medium | 6.5 | — | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. |
CVE-2024-39440 | Medium | 6.2 | — | 2024-10-09 | In DRM service, there is a possible system crash due to null pointer dereference. |
CVE-2024-39439 | Medium | 6.2 | — | 2024-10-09 | In DRM service, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-34663 | Medium | 5.3 | — | 2024-10-08 | Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. |
CVE-2024-20102 | Medium | 4.9 | — | 2024-10-07 | In wlan driver, there is a possible out of bounds read due to improper input validation. |
CVE-2024-20097 | Medium | 4.4 | — | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-20096 | Medium | 4.4 | — | 2024-10-07 | In m4u, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-20095 | Medium | 4.4 | — | 2024-10-07 | In m4u, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-20093 | Medium | 4.4 | — | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-20091 | Medium | 4.4 | — | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-34664 | Medium | 4.1 | — | 2024-10-08 | Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. |
Qualcomm · 20 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33066 | Critical | 9.8 | — | 2024-10-07 | Memory corruption while redirecting log file to any file location with any file name. |
CVE-2024-38399 | High | 8.4 | — | 2024-10-07 | Memory corruption while processing user packets to generate page faults. |
CVE-2024-33065 | High | 8.4 | — | 2024-10-07 | Memory corruption while taking snapshot when an offset variable is set by camera driver. |
CVE-2024-33073 | High | 8.2 | — | 2024-10-07 | Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
CVE-2024-33064 | High | 8.2 | — | 2024-10-07 | Information disclosure while parsing the multiple MBSSID IEs from the beacon. |
CVE-2024-43047 | High | 7.8 | KEV | 2024-10-07 | Memory corruption while maintaining memory maps of HLOS memory. |
CVE-2024-23369 | High | 7.8 | — | 2024-10-07 | Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. |
CVE-2024-21455 | High | 7.8 | — | 2024-10-07 | Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. |
CVE-2024-38397 | High | 7.5 | — | 2024-10-07 | Transient DOS while parsing probe response and assoc response frame. |
CVE-2024-33071 | High | 7.5 | — | 2024-10-07 | Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. |
CVE-2024-33070 | High | 7.5 | — | 2024-10-07 | Transient DOS while parsing ESP IE from beacon/probe response frame. |
CVE-2024-33069 | High | 7.5 | — | 2024-10-07 | Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. |
CVE-2024-33049 | High | 7.5 | — | 2024-10-07 | Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
CVE-2024-23379 | Medium | 6.7 | — | 2024-10-07 | Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. |
CVE-2024-23378 | Medium | 6.7 | — | 2024-10-07 | Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. |
CVE-2024-23376 | Medium | 6.7 | — | 2024-10-07 | Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. |
CVE-2024-23375 | Medium | 6.7 | — | 2024-10-07 | Memory corruption during the network scan request. |
CVE-2024-23374 | Medium | 6.7 | — | 2024-10-07 | Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. |
CVE-2024-23370 | Medium | 6.7 | — | 2024-10-07 | Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. |
CVE-2024-38425 | Medium | 6.1 | — | 2024-10-07 | Information disclosure while sending implicit broadcast containing APP launch information. |
Linux · 16 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47659 | High | 8.8 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4… |
CVE-2024-47670 | High | 7.8 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn't stray beyond valid memory region containing ocfs2 xattr entries when… |
CVE-2024-47673 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will tri… |
CVE-2024-47671 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. |
CVE-2024-47669 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") was applied, the… |
CVE-2024-47667 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [… |
CVE-2024-47666 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RES… |
CVE-2024-47665 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Definitely condition dma_get_cache_alignment * defined value > 256 during driver initialization is not… |
CVE-2024-47664 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_… |
CVE-2024-47663 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. |
CVE-2024-47662 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers should not be read from driver and triggering the security violation when D… |
CVE-2024-47661 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. |
CVE-2024-47658 | Medium | 5.5 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produces a spinlock recursion warning. |
CVE-2024-47668 | Medium | 4.7 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that incr… |
CVE-2024-47660 | Medium | 4.7 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. |
CVE-2024-46870 | Medium | 4.7 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. |
D-link · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9786 | High | 8.8 | — | 2024-10-10 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. |
CVE-2024-9785 | High | 8.8 | — | 2024-10-10 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. |
CVE-2024-9784 | High | 8.8 | — | 2024-10-10 | A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. |
CVE-2024-9783 | High | 8.8 | — | 2024-10-10 | A vulnerability was found in D-Link DIR-619L B1 2.06. |
CVE-2024-9782 | High | 8.8 | — | 2024-10-10 | A vulnerability was found in D-Link DIR-619L B1 2.06. |
CVE-2024-9570 | High | 8.8 | — | 2024-10-07 | A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. |
CVE-2024-9569 | High | 8.8 | — | 2024-10-07 | A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. |
CVE-2024-9568 | High | 8.8 | — | 2024-10-07 | A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. |
CVE-2024-9567 | High | 8.8 | — | 2024-10-07 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. |
CVE-2024-9566 | High | 8.8 | — | 2024-10-07 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. |
CVE-2024-9565 | High | 8.8 | — | 2024-10-07 | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. |
CVE-2024-9564 | High | 8.8 | — | 2024-10-07 | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. |
CVE-2024-9563 | High | 8.8 | — | 2024-10-07 | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. |
CVE-2024-9792 | Low | 2.4 | — | 2024-10-10 | A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. |
Gradio-app · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47167 | Critical | 9.8 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47871 | Critical | 9.1 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47084 | High | 8.3 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47870 | High | 8.1 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47868 | High | 7.5 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47867 | High | 7.5 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47164 | Medium | 6.5 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47872 | Medium | 5.4 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47165 | Medium | 5.4 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47166 | Medium | 5.3 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47168 | Medium | 4.3 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
CVE-2024-47869 | Low | 3.7 | — | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
Lenovo · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9046 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-4132 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-4131 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-4130 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-4089 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-33582 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-33581 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-33580 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-33579 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-33578 | High | 7.8 | — | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. |
CVE-2024-5474 | Medium | 5.5 | — | 2024-10-11 | A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges durin… |
Ivanti · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7612 | High | 8.8 | — | 2024-10-08 | Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. |
CVE-2024-9167 | High | 7.8 | — | 2024-10-08 | Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. |
CVE-2024-47011 | High | 7.5 | — | 2024-10-08 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. |
CVE-2024-47008 | High | 7.5 | — | 2024-10-08 | Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. |
CVE-2024-47007 | High | 7.5 | — | 2024-10-08 | A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. |
CVE-2024-47010 | High | 7.3 | — | 2024-10-08 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. |
CVE-2024-47009 | High | 7.3 | — | 2024-10-08 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. |
CVE-2024-9381 | High | 7.2 | — | 2024-10-08 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. |
CVE-2024-9380 | High | 7.2 | KEV | 2024-10-08 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. |
CVE-2024-9379 | Medium | 6.5 | KEV | 2024-10-08 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
Palo Alto Networks · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9465 | Critical | 9.1 | KEV | 2024-10-09 | An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. |
CVE-2024-9473 | High | 7.8 | — | 2024-10-09 | A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair fu… |
CVE-2024-9468 | High | 7.5 | — | 2024-10-09 | A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. |
CVE-2024-9463 | High | 7.5 | KEV | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations… |
CVE-2024-9466 | Medium | 6.5 | — | 2024-10-09 | A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. |
CVE-2024-9464 | Medium | 6.5 | — | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, a… |
CVE-2024-9467 | Medium | 6.1 | — | 2024-10-09 | A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that c… |
CVE-2024-9471 | Medium | 4.7 | — | 2024-10-09 | A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privile… |
CVE-2024-9470 | — | — | — | 2024-10-09 | A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. |
Samsung · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34669 | High | 7.5 | — | 2024-10-08 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
CVE-2024-34668 | High | 7.5 | — | 2024-10-08 | Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
CVE-2024-34667 | High | 7.5 | — | 2024-10-08 | Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
CVE-2024-34666 | High | 7.5 | — | 2024-10-08 | Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
CVE-2024-34665 | High | 7.5 | — | 2024-10-08 | Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
CVE-2024-34662 | Medium | 6.2 | — | 2024-10-08 | Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. |
CVE-2024-34672 | Medium | 5.5 | — | 2024-10-08 | Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users. |
CVE-2024-34670 | Medium | 4.0 | — | 2024-10-08 | Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. |
CVE-2024-34671 | Low | 3.3 | — | 2024-10-08 | Use of implicit intent for sensitive communication in translation in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. |
Solidigm · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47975 | High | 7.0 | — | 2024-10-07 | Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. |
CVE-2024-47976 | Medium | 6.7 | — | 2024-10-07 | Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. |
CVE-2024-47971 | Medium | 6.5 | — | 2024-10-07 | Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. |
CVE-2024-47969 | Medium | 6.2 | — | 2024-10-07 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
CVE-2024-47973 | Medium | 5.1 | — | 2024-10-07 | In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. |
CVE-2024-47968 | Medium | 4.4 | — | 2024-10-07 | Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
CVE-2024-47974 | Medium | 4.4 | — | 2024-10-07 | Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
CVE-2024-47967 | Medium | 4.4 | — | 2024-10-07 | Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
CVE-2024-47972 | Medium | 4.0 | — | 2024-10-07 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. |
Progress · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8015 | Critical | 9.1 | — | 2024-10-09 | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. |
CVE-2024-8014 | High | 8.8 | — | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. |
CVE-2024-8755 | High | 8.4 | — | 2024-10-11 | Improper Input Validation vulnerability of an authenticated user in Progress LoadMaster allows OS command injection. This issue affects LoadMaster from 7.2.55.0 to 7.2.60.1 (inclusive) … |
CVE-2024-8048 | High | 7.8 | — | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. |
CVE-2024-7840 | High | 7.8 | — | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. |
CVE-2024-7294 | High | 7.5 | — | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. |
CVE-2024-7293 | High | 7.5 | — | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. |
CVE-2024-7292 | High | 7.5 | — | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. |
Gitlab · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9164 | Critical | 9.6 | — | 2024-10-11 | An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. |
CVE-2024-8970 | High | 8.2 | — | 2024-10-11 | An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user u… |
CVE-2024-8977 | High | 8.2 | — | 2024-10-10 | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. |
CVE-2024-6530 | High | 7.3 | — | 2024-10-10 | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. |
CVE-2024-9623 | Medium | 4.9 | — | 2024-10-10 | An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. |
CVE-2024-5005 | Medium | 4.3 | — | 2024-10-11 | An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, and all versions starting from 17.4 before 17.4.2. It was possible for guest users t… |
CVE-2024-9596 | Low | 3.7 | — | 2024-10-10 | An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. |
Schneider Electric · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8884 | Critical | 9.8 | — | 2024-10-08 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when an attacker has network access to the application over HTTP. |
CVE-2024-9002 | High | 7.8 | — | 2024-10-11 | CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalati… |
CVE-2024-8422 | High | 7.8 | — | 2024-10-08 | CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. |
CVE-2024-8531 | High | 7.2 | — | 2024-10-11 | CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. |
CVE-2024-8530 | Medium | 5.9 | — | 2024-10-11 | CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. |
CVE-2024-8518 | Low | 3.3 | — | 2024-10-08 | CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. |
CVE-2024-9005 | — | — | — | 2024-10-08 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. |
Code-projects · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9812 | High | 7.3 | — | 2024-10-10 | A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. |
CVE-2024-9811 | High | 7.3 | — | 2024-10-10 | A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. |
CVE-2024-9797 | High | 7.3 | — | 2024-10-10 | A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. |
CVE-2024-9804 | Medium | 4.7 | — | 2024-10-10 | A vulnerability was found in code-projects Blood Bank System 1.0. |
CVE-2024-9805 | Low | 3.5 | — | 2024-10-10 | A vulnerability was found in code-projects Blood Bank System 1.0. |
CVE-2024-9803 | Low | 3.5 | — | 2024-10-10 | A vulnerability was found in code-projects Blood Bank Management System 1.0. |
Jetbrains · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48902 | Medium | 5.4 | — | 2024-10-10 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API |
CVE-2024-47949 | Medium | 4.9 | — | 2024-10-08 | In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location |
CVE-2024-47948 | Medium | 4.9 | — | 2024-10-08 | In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups |
CVE-2024-47161 | Medium | 4.3 | — | 2024-10-08 | In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API |
CVE-2024-47951 | Low | 3.5 | — | 2024-10-08 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings |
CVE-2024-47950 | Low | 3.5 | — | 2024-10-08 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings |
Codezips · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9814 | High | 7.3 | — | 2024-10-10 | A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. |
CVE-2024-9813 | High | 7.3 | — | 2024-10-10 | A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. |
CVE-2024-9794 | Medium | 6.3 | — | 2024-10-10 | A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. |
CVE-2024-9816 | Medium | 4.7 | — | 2024-10-10 | A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. |
CVE-2024-9815 | Medium | 4.7 | — | 2024-10-10 | A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. |
Delta Electronics · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47966 | High | 7.8 | — | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. |
CVE-2024-47965 | High | 7.8 | — | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. |
CVE-2024-47964 | High | 7.8 | — | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. |
CVE-2024-47963 | High | 7.8 | — | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. |
CVE-2024-47962 | High | 7.8 | — | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. |
Dena · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45402 | High | 8.6 | — | 2024-10-11 | Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. |
CVE-2024-45396 | High | 7.5 | — | 2024-10-11 | Quicly is an IETF QUIC protocol implementation. |
CVE-2024-45397 | Medium | 5.9 | — | 2024-10-11 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. |
CVE-2024-45403 | Low | 3.7 | — | 2024-10-11 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. |
CVE-2024-25622 | Low | 3.1 | — | 2024-10-11 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. |
Discourse · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47773 | High | 8.2 | — | 2024-10-08 | Discourse is an open source platform for community discussion. |
CVE-2024-45051 | High | 8.2 | — | 2024-10-07 | Discourse is an open source platform for community discussion. |
CVE-2024-43789 | High | 7.5 | — | 2024-10-07 | Discourse is an open source platform for community discussion. |
CVE-2024-47772 | Medium | 6.5 | — | 2024-10-07 | Discourse is an open source platform for community discussion. |
CVE-2024-45297 | Medium | 5.3 | — | 2024-10-07 | Discourse is an open source platform for community discussion. |
Miraheze · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47782 | High | 7.6 | — | 2024-10-07 | WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. |
CVE-2024-47816 | Medium | 6.4 | — | 2024-10-09 | ImportDump is a mediawiki extension designed to automate user import requests. |
CVE-2024-47781 | Medium | 6.1 | — | 2024-10-07 | CreateWiki is an extension used at Miraheze for requesting & creating wikis. |
CVE-2024-47815 | Medium | 6.0 | — | 2024-10-09 | IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. |
CVE-2024-47812 | Medium | 6.0 | — | 2024-10-09 | ImportDump is an extension for mediawiki designed to automate user import requests. |
Open-webui · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7037 | High | 7.2 | — | 2024-10-09 | In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. |
CVE-2024-7041 | Medium | 6.5 | — | 2024-10-09 | An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. |
CVE-2024-7049 | Medium | 5.4 | — | 2024-10-10 | In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. |
CVE-2024-7048 | Medium | 5.4 | — | 2024-10-10 | In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. |
CVE-2024-7038 | Low | 2.7 | — | 2024-10-09 | An information disclosure vulnerability exists in open-webui version 0.3.8. |
Openatom · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39806 | Medium | 5.5 | — | 2024-10-08 | OpenHarmony v4.1.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. |
CVE-2024-39831 | Medium | 4.4 | — | 2024-10-08 | OpenHarmony v4.1.0 allows a local attacker with high privileges to achieve arbitrary code execution in pre-installed apps through a use after free. |
CVE-2024-45382 | Low | 3.3 | — | 2024-10-08 | OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through an out-of-bounds write. |
CVE-2024-43697 | Low | 3.3 | — | 2024-10-08 | OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through improper input. |
CVE-2024-43696 | Low | 3.3 | — | 2024-10-08 | OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through a memory leak. |
Phpoffice · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45290 | High | 7.7 | — | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
CVE-2024-45293 | High | 7.5 | — | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
CVE-2024-45060 | High | 7.1 | — | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
CVE-2024-45291 | Medium | 6.3 | — | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
CVE-2024-45292 | Medium | 5.4 | — | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
Red Hat · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3656 | High | 8.1 | — | 2024-10-09 | A flaw was found in Keycloak. |
CVE-2024-9671 | Medium | 5.3 | — | 2024-10-09 | A vulnerability was found in 3Scale. |
CVE-2024-9622 | Medium | 5.3 | — | 2024-10-08 | A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. |
CVE-2024-9621 | Medium | 5.3 | — | 2024-10-08 | A vulnerability was found in Quarkus CXF. |
CVE-2024-9620 | Medium | 5.3 | — | 2024-10-08 | A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. |
Sap · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37179 | High | 7.7 | — | 2024-10-08 | SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on… |
CVE-2024-47594 | Medium | 5.4 | — | 2024-10-08 | SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. |
CVE-2024-45278 | Medium | 5.4 | — | 2024-10-08 | SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-45282 | Medium | 4.3 | — | 2024-10-08 | Fields which are in 'read only' state in Bank Statement Draft in the Manage Bank Statements application could be modified by the MERGE method. |
CVE-2024-45277 | Medium | 4.3 | — | 2024-10-08 | The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. |
Xerox · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47557 | High | 8.3 | — | 2024-10-07 | Pre-Auth RCE via Path Traversal |
CVE-2024-47556 | High | 8.3 | — | 2024-10-07 | Pre-Auth RCE via Path Traversal |
CVE-2024-47555 | High | 8.3 | — | 2024-10-07 | Missing Authentication - User & System Configuration |
CVE-2024-47559 | High | 7.6 | — | 2024-10-07 | Authenticated RCE via Path Traversal |
CVE-2024-47558 | High | 7.6 | — | 2024-10-07 | Authenticated RCE via Path Traversal |
Cacti · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43362 | High | 7.3 | — | 2024-10-07 | Cacti is an open source performance and fault management framework. |
CVE-2024-43363 | High | 7.2 | — | 2024-10-07 | Cacti is an open source performance and fault management framework. |
CVE-2024-43365 | Medium | 5.7 | — | 2024-10-07 | Cacti is an open source performance and fault management framework. |
CVE-2024-43364 | Medium | 5.7 | — | 2024-10-07 | Cacti is an open source performance and fault management framework. |
Php · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8926 | High | 8.1 | — | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still… |
CVE-2024-8927 | High | 7.5 | — | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. |
CVE-2024-9026 | Low | 3.3 | — | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove u… |
CVE-2024-8925 | Low | 3.1 | — | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. |
Soplanning · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9574 | Critical | 9.8 | — | 2024-10-07 | SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in… |
CVE-2024-9573 | Medium | 6.3 | — | 2024-10-07 | SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. |
CVE-2024-9572 | Medium | 6.3 | — | 2024-10-07 | Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. |
CVE-2024-9571 | Medium | 6.3 | — | 2024-10-07 | Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. |
Lylme · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9790 | Medium | 4.7 | — | 2024-10-10 | A vulnerability was found in LyLme_spage 1.9.5. |
CVE-2024-9789 | Medium | 4.7 | — | 2024-10-10 | A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. |
CVE-2024-9788 | Medium | 4.7 | — | 2024-10-10 | A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. |
Oretnom23 · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9818 | High | 7.3 | — | 2024-10-10 | A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. |
CVE-2024-9809 | Medium | 6.3 | — | 2024-10-10 | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. |
CVE-2024-9808 | Medium | 6.3 | — | 2024-10-10 | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. |
Redis · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31449 | High | 7.0 | — | 2024-10-07 | Redis is an open source, in-memory database that persists on disk. |
CVE-2024-31228 | Medium | 5.5 | — | 2024-10-07 | Redis is an open source, in-memory database that persists on disk. |
CVE-2024-31227 | Medium | 4.4 | — | 2024-10-07 | Redis is an open source, in-memory database that persists on disk. |
Rockwell Automation · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9124 | High | 7.5 | — | 2024-10-08 | A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. |
CVE-2024-8626 | High | 7.5 | — | 2024-10-08 | Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. |
CVE-2024-9412 | — | — | — | 2024-10-08 | An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. |
Sonicwall · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45316 | High | 7.8 | — | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, po… |
CVE-2024-45317 | High | 7.5 | — | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP… |
CVE-2024-45315 | Medium | 5.5 | — | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, po… |
Userplus · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9518 | Critical | 9.8 | — | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. |
CVE-2024-9519 | High | 7.2 | — | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. |
CVE-2024-9520 | Medium | 6.3 | — | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. |
Wpcodefactory · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9232 | Medium | 6.1 | — | 2024-10-11 | The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. |
CVE-2024-9377 | Medium | 6.1 | — | 2024-10-10 | The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, a… |
CVE-2024-9205 | Medium | 6.1 | — | 2024-10-10 | The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. |
07fly · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9855 | Medium | 4.7 | — | 2024-10-11 | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. |
CVE-2024-9856 | Low | 2.4 | — | 2024-10-11 | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. |
Bytecodealliance · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47763 | Medium | 5.5 | — | 2024-10-09 | Wasmtime is an open source runtime for WebAssembly. |
CVE-2024-47813 | Low | 2.9 | — | 2024-10-09 | Wasmtime is an open source runtime for WebAssembly. |
Classroombookings · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9806 | Low | 3.5 | — | 2024-10-10 | A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. |
CVE-2024-9807 | Low | 2.4 | — | 2024-10-10 | A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. |
Debian · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9680 | Critical | 9.8 | KEV | 2024-10-09 | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. |
CVE-2024-46871 | High | 7.8 | — | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmub_notification_type. |
Djangoproject · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45230 | High | 7.5 | — | 2024-10-08 | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. |
CVE-2024-45231 | Medium | 5.3 | — | 2024-10-08 | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. |
Fortinet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45330 | High | 7.2 | — | 2024-10-08 | A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate their privileges via specially crafted requests. |
CVE-2024-33506 | Low | 3.3 | — | 2024-10-08 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to… |
Github · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9487 | Critical | 9.1 | — | 2024-10-10 | An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. |
CVE-2024-9539 | Medium | 4.3 | — | 2024-10-11 | An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a co… |
Kainelabs · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8987 | Medium | 6.4 | — | 2024-10-10 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and includ… |
CVE-2024-9067 | Medium | 4.3 | — | 2024-10-10 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' functio… |
Latepoint · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8943 | Critical | 9.8 | — | 2024-10-08 | The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. |
CVE-2024-8911 | Critical | 9.8 | — | 2024-10-08 | The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. |
Libarchive · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48958 | High | 7.8 | — | 2024-10-10 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. |
CVE-2024-48957 | High | 7.8 | — | 2024-10-10 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. |
Limesurvey · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28710 | Medium | 6.1 | — | 2024-10-07 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. |
CVE-2024-28709 | Medium | 6.1 | — | 2024-10-07 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. |
Linkz.ai · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9586 | Medium | 6.5 | — | 2024-10-11 | The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. |
CVE-2024-9587 | Medium | 5.4 | — | 2024-10-11 | The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. |
Linuxfoundation · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9798 | Critical | 9.0 | — | 2024-10-10 | The health endpoint is public so everybody can see a list of all services. |
CVE-2024-9802 | Medium | 5.3 | — | 2024-10-10 | The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. |
Lollms · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6985 | Medium | 4.4 | — | 2024-10-11 | A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. |
CVE-2024-6971 | Medium | 4.4 | — | 2024-10-11 | A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. |
Tainacan · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48040 | High | 8.5 | — | 2024-10-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection. This issue affects Tainacan: from n/a through <= 0.21.8. |
CVE-2024-9221 | Medium | 6.1 | — | 2024-10-11 | The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. |
Themehunk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9707 | Critical | 9.8 | — | 2024-10-11 | The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. |
CVE-2024-8433 | Medium | 6.4 | — | 2024-10-08 | The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input san… |
Winhex · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6362 | High | 7.3 | — | 2024-10-07 | A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. |
CVE-2023-6361 | High | 7.3 | — | 2024-10-07 | A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. |
Wireshark · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9781 | High | 7.8 | — | 2024-10-10 | AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file |
CVE-2024-9780 | High | 7.8 | — | 2024-10-10 | ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5968 | Medium | 4.8 | — | 2024-10-09 | The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when th… |
Abb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6157 | Medium | 5.1 | — | 2024-10-10 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop. |
Afragen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9451 | Medium | 6.4 | — | 2024-10-09 | The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. |
Amirhelzer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8629 | Medium | 6.1 | — | 2024-10-08 | The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. |
Ampache · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47828 | Medium | 5.3 | — | 2024-10-09 | ampache is a web based audio/video streaming application and file manager. |
Andreamarinucci · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9685 | Medium | 4.3 | — | 2024-10-10 | The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. |
Angeljudesuarez · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-46300 | Medium | 6.1 | — | 2024-10-07 | itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. |
Apache · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28168 | High | 7.5 | — | 2024-10-09 | Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. |
Apple · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-44157 | Medium | 5.5 | — | 2024-10-11 | A stack buffer overflow was addressed through improved input validation. |
Ataurr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9234 | Critical | 9.8 | — | 2024-10-11 | The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() functi… |
Avaiga · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47833 | Medium | 6.5 | — | 2024-10-09 | Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. |
Ays-pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8488 | Medium | 4.4 | — | 2024-10-08 | The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. |
Baptiste.gourdin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48033 | Critical | 9.8 | — | 2024-10-11 | Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection. This issue affects Talkback: from n/a through <= 1.0. |
Bit Apps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47335 | High | 7.6 | — | 2024-10-07 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2.13.11. |
Bitcoin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35202 | High | 7.5 | — | 2024-10-10 | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. |
Bitpressadmin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9507 | Medium | 4.9 | — | 2024-10-11 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to impro… |
Blackberry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35215 | Medium | 6.2 | — | 2024-10-08 | NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the cont… |
Blockmeister · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9616 | Medium | 6.1 | — | 2024-10-11 | The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. |
Blood_bank_system_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9817 | Medium | 6.3 | — | 2024-10-10 | A vulnerability was found in code-projects Blood Bank System 1.0. |
Blubrry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9543 | Medium | 6.4 | — | 2024-10-11 | The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and outp… |
Bluecms_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45894 | Medium | 4.9 | — | 2024-10-07 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. |
Boonebgorges · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9207 | Medium | 6.1 | — | 2024-10-08 | The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. |
Brechtvds · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9051 | Medium | 6.4 | — | 2024-10-11 | The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output es… |
Brevo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8477 | Medium | 4.3 | — | 2024-10-10 | The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. |
Brianbrey · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8729 | Medium | 6.1 | — | 2024-10-10 | The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. |
Btcd_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38365 | High | 7.4 | — | 2024-10-11 | btcd is an alternative full node bitcoin implementation written in Go (golang). |
Buildah_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9675 | High | 7.8 | — | 2024-10-09 | A vulnerability was found in Buildah. |
C-mor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45179 | High | 7.2 | — | 2024-10-09 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. |
Canonical · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9312 | High | 7.5 | — | 2024-10-10 | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. |
Ccontrols · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9787 | Medium | 5.3 | — | 2024-10-10 | A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. |
Checkmk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6747 | Medium | 5.3 | — | 2024-10-10 | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows an attacker to get potentially sensitive data. |
Cmsmasters · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7963 | Medium | 6.4 | — | 2024-10-09 | The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping o… |
Codeclysm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47877 | High | 7.5 | — | 2024-10-11 | Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. |
Creativemindssolutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48041 | Medium | 6.5 | — | 2024-10-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary enhanced-tooltipglossary allows Stored XSS. This issue affects CM Tooltip Glossary: from n/a th… |
Cssjockey · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9457 | Medium | 6.4 | — | 2024-10-10 | The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. |
Curator · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9057 | Medium | 6.4 | — | 2024-10-10 | The Curator.io: Show all your social media posts in a beautiful feed. |
Cure53 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47875 | Critical | 10.0 | — | 2024-10-11 | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. |
Dale668 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9066 | Medium | 6.4 | — | 2024-10-10 | The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. |
Dataease · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47074 | Critical | 9.8 | — | 2024-10-11 | DataEase is an open source data visualization analysis tool. |
Dell · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-39586 | Low | 2.9 | — | 2024-10-09 | Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. |
Devitemsllc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9538 | Medium | 4.3 | — | 2024-10-11 | The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. |
Directus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47822 | Medium | 4.2 | — | 2024-10-08 | Directus is a real-time API and App dashboard for managing SQL database content. |
Dlink · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-44674 | Medium | 5.7 | — | 2024-10-07 | D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. |
Draytek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-46316 | High | 8.0 | — | 2024-10-09 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. |
Eclipse · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8376 | High | 7.5 | — | 2024-10-11 | In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. |
Essamamdani · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9074 | Medium | 6.4 | — | 2024-10-10 | The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. |
Ewelink · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7206 | — | — | — | 2024-10-08 | SSL Pinning Bypass in some eWeLink hardware products allows a local attacker to decrypt TLS communication and extract secrets to clone the device by flashing modified firmware. |
Eyecix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47636 | Critical | 9.8 | — | 2024-10-10 | Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection. This issue affects JobSearch: from n/a through <= 2.5.9. |
Follet School Solutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47095 | — | — | — | 2024-10-08 | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do. |
Fortra · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8264 | Medium | 5.5 | — | 2024-10-09 | Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. |
Fullservices · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9211 | Medium | 6.1 | — | 2024-10-11 | The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. |
Gdpr-extensions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9072 | Medium | 6.4 | — | 2024-10-10 | The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. |
Gregross · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9449 | Medium | 6.4 | — | 2024-10-09 | The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. |
Happyplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9581 | High | 7.3 | — | 2024-10-10 | The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9180 | High | 7.2 | — | 2024-10-10 | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. |
Hcl Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30118 | Low | 3.5 | — | 2024-10-09 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. |
Hdfgroup · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32608 | Critical | 9.8 | — | 2024-10-09 | HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
Hp, Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27458 | High | 8.8 | — | 2024-10-07 | A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. |
Indutny · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48949 | Critical | 9.1 | — | 2024-10-10 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. |
Internet-formation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9796 | Critical | 9.8 | — | 2024-10-10 | The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. |
Inventree · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47610 | High | 7.3 | — | 2024-10-07 | InvenTree is an Open Source Inventory Management System. |
Jkev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9810 | Low | 3.5 | — | 2024-10-10 | A vulnerability was found in SourceCodester Record Management System 1.0. |
Jpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-46468 | High | 7.5 | — | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability exists in jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. |
Lagunaisw · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9522 | High | 8.8 | — | 2024-10-10 | The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. |
Lara-zeus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47817 | Medium | 6.1 | — | 2024-10-07 | Lara-zeus Dynamic Dashboard is a simple way to manage widgets for your website landing page and filament dashboard, and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. |
Laravel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47823 | Critical | 9.8 | — | 2024-10-08 | Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. |
Lemonldap-ng · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48933 | Medium | 6.1 | — | 2024-10-09 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows spec… |
Linux Workbooth · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9576 | High | 7.0 | — | 2024-10-07 | Vulnerability in Distro Linux Workbooth v2.5 that allows escalating privileges to the root user by manipulating the network configuration script. |
Makeplane · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47830 | Critical | 9.3 | — | 2024-10-11 | Plane is an open-source project management tool. |
Matbao · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9065 | Medium | 5.3 | — | 2024-10-10 | The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. |
Mecha-cms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-46446 | Critical | 9.8 | — | 2024-10-07 | Mecha CMS 3.0.0 is vulnerable to Directory Traversal. |
Mediatek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-20094 | High | 7.5 | — | 2024-10-07 | In Modem, there is a possible system crash due to a missing bounds check. |
Meshtastic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47079 | Medium | 6.4 | — | 2024-10-07 | Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. |
Metagauss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47648 | Medium | 4.7 | — | 2024-10-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management. This issue affects EventPrime: from n/a through <= 4.0.4.5. |
Michaelzangl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9346 | Medium | 6.1 | — | 2024-10-11 | The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. |
Milestone Systems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3506 | Medium | 6.7 | — | 2024-10-08 | A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to the internal network to execute commands on the Recording Server under strict conditions. |
Namogo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9064 | Medium | 6.4 | — | 2024-10-10 | The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. |
Netapp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47814 | Low | 3.9 | — | 2024-10-07 | Vim is an open source, command line text editor. |
Ninja Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47331 | Critical | 9.3 | — | 2024-10-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection. This issue affects Multi Step for Contact Form: from n/a throu… |
Pac4j · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25581 | — | — | — | 2024-10-10 | pac4j is a security framework for Java. |
Pax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-42133 | Medium | 6.7 | — | 2024-10-11 | PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. |
Payara · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8215 | High | 8.4 | — | 2024-10-08 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 b… |
Pedalo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9822 | Critical | 9.8 | — | 2024-10-11 | The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. |
Posimyth · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8913 | Medium | 4.3 | — | 2024-10-11 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function… |
Publishpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9436 | Medium | 6.1 | — | 2024-10-11 | The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all v… |
Purestorage · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3057 | Critical | 9.8 | — | 2024-10-08 | A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. |
Qode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9292 | Medium | 6.4 | — | 2024-10-08 | The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. |
Quarka · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8513 | Medium | 5.3 | — | 2024-10-10 | The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in al… |
Quomodosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47353 | Medium | 4.7 | — | 2024-10-11 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. |
Rafasashi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9610 | Medium | 6.1 | — | 2024-10-11 | The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. |
Rami.io Gmbh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9575 | — | — | — | 2024-10-09 | Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. |
Relevanssi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9021 | Medium | 5.4 | — | 2024-10-08 | In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows a Contributor+ user to perform Stored XSS by embedding a malicious script, which can lead to an account-takeover backdoor. |
Rems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9799 | Low | 3.5 | — | 2024-10-10 | A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. |
Revmakx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-48020 | High | 8.5 | — | 2024-10-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection. This issue affects Backup and Staging by WP Time Capsu… |
Robosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8431 | Medium | 4.3 | — | 2024-10-08 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. |
Rocket.chat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42027 | Medium | 6.7 | — | 2024-10-07 | The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. |
Royal-elementor-addons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8482 | Medium | 6.4 | — | 2024-10-08 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. |
Saltcorn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47818 | Medium | 6.5 | — | 2024-10-07 | Saltcorn is an extensible, open source, no-code database application builder. |
Seur · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9201 | Critical | 9.4 | — | 2024-10-10 | The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. |
Silabs.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6657 | Medium | 6.5 | — | 2024-10-11 | A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. |
Sirv · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8964 | Medium | 6.4 | — | 2024-10-08 | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. |
Smashballoon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8983 | Medium | 4.8 | — | 2024-10-08 | Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil… |
Ssoready · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47832 | Critical | 9.8 | — | 2024-10-09 | ssoready is a single sign on provider implemented via docker. |
Stylemix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47344 | Medium | 5.3 | — | 2024-10-07 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Stylemix uListing ulisting. This issue affects uListing: from n/a through <= 2.1.5. |
Te Informatics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4658 | — | — | — | 2024-10-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. |
Templateinvaders · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9156 | High | 7.5 | — | 2024-10-10 | The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. |
Tenda · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9793 | Medium | 6.3 | — | 2024-10-10 | A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. |
Total-soft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9022 | High | 7.2 | — | 2024-10-10 | The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.4.0 due to insufficient escaping on the user supplied paramet… |
Trtek Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9286 | — | — | — | 2024-10-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. |
Ttodua · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9611 | Medium | 6.1 | — | 2024-10-11 | The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including… |
Typo3 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47780 | Low | 3.1 | — | 2024-10-08 | TYPO3 is a free and open source Content Management Framework. |
Webtoffee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7514 | Medium | 6.5 | — | 2024-10-11 | The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. |
Wp-buy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-4534 | Medium | 5.3 | — | 2024-10-08 | The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. |
Wp.insider · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47354 | Medium | 4.7 | — | 2024-10-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership After Login Redirection simple-membership-after-login-redirection. This issue affects Simple Membership After Login Redirection: from n/a thro… |
Zefr0x · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47884 | — | — | — | 2024-10-11 | foxmarks is a CLI read-only interface for Firefox's bookmarks and history. |
Zoho Flow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47334 | High | 7.6 | — | 2024-10-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow zoho-flow allows SQL Injection. This issue affects Zoho Flow: from n/a through <= 2.7.1. |
Zte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22068 | Medium | 6.0 | — | 2024-10-10 | Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series… |