Vulnerabilities (CVE)

Total 79511 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42039 1 Huawei 2 Emui, Harmonyos 2024-09-12 N/A 7.5 HIGH
Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45441 1 Huawei 2 Emui, Harmonyos 2024-09-12 N/A 7.5 HIGH
Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-45450 1 Huawei 2 Emui, Harmonyos 2024-09-12 N/A 7.5 HIGH
Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-39283 1 Intel 1 Tdx Module Software 2024-09-12 N/A 7.8 HIGH
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34163 1 Intel 18 Nuc X15 Laptop Kit Lapac71g, Nuc X15 Laptop Kit Lapac71g Firmware, Nuc X15 Laptop Kit Lapac71h and 15 more 2024-09-12 N/A 8.2 HIGH
Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access.
CVE-2024-29015 1 Intel 2 Oneapi Base Toolkit, Vtune Profiler 2024-09-12 N/A 7.8 HIGH
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28947 1 Intel 1 Server Board S2600st Firmware 2024-09-12 N/A 8.2 HIGH
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-28887 1 Intel 2 Integrated Performance Primitives, Oneapi Base Toolkit 2024-09-12 N/A 7.8 HIGH
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24977 1 Intel 1 License Manager For Flexim 2024-09-12 N/A 7.8 HIGH
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23908 1 Intel 1 Flexlm License Daemons For Intel Fpga 2024-09-12 N/A 7.8 HIGH
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-43791 1 Steveklabnik 1 Request Store 2024-09-12 N/A 7.8 HIGH
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.
CVE-2024-23497 1 Intel 1 Ethernet 800 Series Controllers Driver 2024-09-12 N/A 8.8 HIGH
Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-45857 2024-09-12 N/A 7.8 HIGH
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.
CVE-2024-23489 1 Intel 1 Virtual Raid On Cpu 2024-09-12 N/A 7.3 HIGH
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34019 1 Acronis 1 Snap Deploy 2024-09-12 N/A 7.3 HIGH
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
CVE-2024-34017 1 Acronis 1 Snap Deploy 2024-09-12 N/A 7.3 HIGH
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
CVE-2024-8463 1 Phpgurukul 1 Job Portal 2024-09-12 N/A 8.8 HIGH
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.
CVE-2024-43264 1 Mediavine 1 Create 2024-09-12 N/A 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8.
CVE-2024-6311 1 Funnelforms 1 Funnelforms Free 2024-09-12 N/A 7.2 HIGH
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-8391 1 Eclipse 1 Vert.x 2024-09-12 N/A 7.5 HIGH
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)