Total
79614 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39424 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | N/A | 7.8 HIGH |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-39425 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | N/A | 7.0 HIGH |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high. | |||||
CVE-2024-39426 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | N/A | 7.8 HIGH |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-41831 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | N/A | 7.8 HIGH |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-33958 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 7.5 HIGH |
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' parameter. | |||||
CVE-2024-34133 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 7.8 HIGH |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-33957 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 7.5 HIGH |
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter | |||||
CVE-2024-42744 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-15 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-42477 | 1 Ggerganov | 1 Llama.cpp | 2024-08-15 | N/A | 7.5 HIGH |
llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561. | |||||
CVE-2024-40476 | 1 Mayurik | 1 Best House Rental Management | 2024-08-15 | N/A | 8.0 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant. | |||||
CVE-2024-40475 | 1 Mayurik | 1 Best House Rental Management System | 2024-08-15 | N/A | 8.8 HIGH |
SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. | |||||
CVE-2024-40465 | 1 Beego | 1 Beego | 2024-08-15 | N/A | 8.8 HIGH |
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file | |||||
CVE-2024-40464 | 1 Beego | 1 Beego | 2024-08-15 | N/A | 8.8 HIGH |
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file | |||||
CVE-2024-41904 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.5 HIGH |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys. | |||||
CVE-2024-41903 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.2 HIGH |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption. | |||||
CVE-2024-41681 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 7.5 HIGH |
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device. | |||||
CVE-2024-36398 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 7.8 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | |||||
CVE-2024-41864 | 1 Adobe | 1 Substance 3d Designer | 2024-08-14 | N/A | 7.8 HIGH |
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-38153 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-14 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2024-38152 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-14 | N/A | 7.8 HIGH |
Windows OLE Remote Code Execution Vulnerability |