Total
78917 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41964 | 1 Getkirby | 1 Kirby | 2024-09-06 | N/A | 8.1 HIGH |
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability. | |||||
CVE-2024-5991 | 1 Wolfssl | 1 Wolfssl | 2024-09-06 | N/A | 7.5 HIGH |
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0. | |||||
CVE-2024-8164 | 1 Beikeshop | 1 Beikeshop | 2024-09-06 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability, which was classified as critical, has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function rename of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the argument new_name leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8163 | 1 Beikeshop | 1 Beikeshop | 2024-09-06 | 5.5 MEDIUM | 8.1 HIGH |
A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-7570 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | N/A | 8.1 HIGH |
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | |||||
CVE-2024-37901 | 1 Xwiki | 1 Xwiki | 2024-09-06 | N/A | 8.8 HIGH |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. | |||||
CVE-2024-23499 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 7.5 HIGH |
Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2024-23907 | 1 Intel | 3 High Level Synthesis Compiler, Oneapi Dpc\+\+\/c\+\+ Compiler, Quartus Prime | 2024-09-06 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-23909 | 1 Intel | 1 Field Programmable Gate Array Software Development Kit For Opencl | 2024-09-06 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-23981 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-24986 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-25576 | 1 Intel | 1 Agilex 7 Fpga Firmware | 2024-09-06 | N/A | 7.9 HIGH |
improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | |||||
CVE-2024-26022 | 1 Intel | 1 Aptio V Uefi Firmware Integrator Tools | 2024-09-06 | N/A | 7.8 HIGH |
Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-26025 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2024-09-06 | N/A | 7.8 HIGH |
Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-26027 | 1 Intel | 1 Simics Package Manager | 2024-09-06 | N/A | 7.8 HIGH |
Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-28046 | 1 Intel | 1 Graphics Performance Analyzers | 2024-09-06 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-28172 | 1 Intel | 2 Oneapi Hpc Toolkit, Trace Analyzer And Collector | 2024-09-06 | N/A | 7.3 HIGH |
Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-28876 | 1 Intel | 2 Mpi Library, Oneapi Hpc Toolkit | 2024-09-06 | N/A | 7.3 HIGH |
Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-45053 | 1 Ethyca | 1 Fides | 2024-09-06 | N/A | 7.2 HIGH |
Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds. | |||||
CVE-2024-5412 | 1 Zyxel | 100 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 97 more | 2024-09-06 | N/A | 7.5 HIGH |
A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. |