Total
81934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43646 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2024-11-18 | N/A | 7.8 HIGH |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | |||||
| CVE-2024-43645 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 2 more | 2024-11-18 | N/A | 7.8 HIGH |
| Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | |||||
| CVE-2024-43644 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 7.8 HIGH |
| Windows Client-Side Caching Elevation of Privilege Vulnerability | |||||
| CVE-2024-49046 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 7.8 HIGH |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | |||||
| CVE-2024-49048 | 1 Microsoft | 1 Torchgeo | 2024-11-18 | N/A | 8.1 HIGH |
| TorchGeo Remote Code Execution Vulnerability | |||||
| CVE-2024-43629 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-11-18 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2024-49049 | 1 Microsoft | 1 Remote Ssh | 2024-11-18 | N/A | 7.1 HIGH |
| Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | |||||
| CVE-2024-3760 | 1 Lunary | 1 Lunary | 2024-11-18 | N/A | 7.5 HIGH |
| In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization. | |||||
| CVE-2024-3379 | 1 Lunary | 1 Lunary | 2024-11-18 | N/A | 8.1 HIGH |
| In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7. | |||||
| CVE-2024-49019 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2024-11-18 | N/A | 7.8 HIGH |
| Active Directory Certificate Services Elevation of Privilege Vulnerability | |||||
| CVE-2024-43627 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 8.8 HIGH |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2024-43628 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 8.8 HIGH |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2024-50972 | 1 Angeljudesuarez | 1 Construction Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. | |||||
| CVE-2024-50971 | 1 Angeljudesuarez | 1 Construction Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter. | |||||
| CVE-2024-50970 | 1 Nikoarroyocuraza | 1 Online Furniture Shopping Project | 2024-11-18 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2024-49028 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-11-18 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-49031 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-18 | N/A | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2024-49032 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-18 | N/A | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2024-48837 | 1 Dell | 1 Smartfabric Os10 | 2024-11-18 | N/A | 7.8 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution | |||||
| CVE-2024-50209 | 1 Linux | 1 Linux Kernel | 2024-11-18 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances. | |||||