Total
79511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42039 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-12 | N/A | 7.5 HIGH |
| Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-45441 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-12 | N/A | 7.5 HIGH |
| Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-45450 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-12 | N/A | 7.5 HIGH |
| Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-39283 | 1 Intel | 1 Tdx Module Software | 2024-09-12 | N/A | 7.8 HIGH |
| Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-34163 | 1 Intel | 18 Nuc X15 Laptop Kit Lapac71g, Nuc X15 Laptop Kit Lapac71g Firmware, Nuc X15 Laptop Kit Lapac71h and 15 more | 2024-09-12 | N/A | 8.2 HIGH |
| Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access. | |||||
| CVE-2024-29015 | 1 Intel | 2 Oneapi Base Toolkit, Vtune Profiler | 2024-09-12 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28947 | 1 Intel | 1 Server Board S2600st Firmware | 2024-09-12 | N/A | 8.2 HIGH |
| Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28887 | 1 Intel | 2 Integrated Performance Primitives, Oneapi Base Toolkit | 2024-09-12 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-24977 | 1 Intel | 1 License Manager For Flexim | 2024-09-12 | N/A | 7.8 HIGH |
| Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-23908 | 1 Intel | 1 Flexlm License Daemons For Intel Fpga | 2024-09-12 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-43791 | 1 Steveklabnik | 1 Request Store | 2024-09-12 | N/A | 7.8 HIGH |
| RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed. | |||||
| CVE-2024-23497 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-12 | N/A | 8.8 HIGH |
| Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-45857 | 2024-09-12 | N/A | 7.8 HIGH | ||
| Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded. | |||||
| CVE-2024-23489 | 1 Intel | 1 Virtual Raid On Cpu | 2024-09-12 | N/A | 7.3 HIGH |
| Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-34019 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | |||||
| CVE-2024-34017 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | |||||
| CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | N/A | 8.8 HIGH |
| File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | |||||
| CVE-2024-43264 | 1 Mediavine | 1 Create | 2024-09-12 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8. | |||||
| CVE-2024-6311 | 1 Funnelforms | 1 Funnelforms Free | 2024-09-12 | N/A | 7.2 HIGH |
| The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-8391 | 1 Eclipse | 1 Vert.x | 2024-09-12 | N/A | 7.5 HIGH |
| In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) | |||||