Vulnerabilities (CVE)

Total 79717 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41864 1 Adobe 1 Substance 3d Designer 2024-08-14 N/A 7.8 HIGH
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-38153 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-08-14 N/A 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38152 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-08-14 N/A 7.8 HIGH
Windows OLE Remote Code Execution Vulnerability
CVE-2024-38150 1 Microsoft 8 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 5 more 2024-08-14 N/A 7.8 HIGH
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-41939 1 Siemens 1 Sinec Nms 2024-08-14 N/A 8.8 HIGH
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.
CVE-2024-21801 2024-08-14 N/A 7.1 HIGH
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-42667 2024-08-14 N/A 7.8 HIGH
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21807 2024-08-14 N/A 8.8 HIGH
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21810 2024-08-14 N/A 8.8 HIGH
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24853 2024-08-14 N/A 7.2 HIGH
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-38106 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-08-14 N/A 7.0 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-42738 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-38178 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2024-08-14 N/A 7.5 HIGH
Scripting Engine Memory Corruption Vulnerability
CVE-2024-38107 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2024-08-14 N/A 7.8 HIGH
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVE-2024-42739 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-39401 1 Adobe 2 Commerce, Magento 2024-08-14 N/A 8.4 HIGH
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
CVE-2024-39400 1 Adobe 2 Commerce, Magento 2024-08-14 N/A 8.1 HIGH
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.
CVE-2024-39399 1 Adobe 2 Commerce, Magento 2024-08-14 N/A 7.7 HIGH
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.
CVE-2024-39398 1 Adobe 2 Commerce, Magento 2024-08-14 N/A 7.4 HIGH
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.
CVE-2024-39403 1 Adobe 2 Commerce, Magento 2024-08-14 N/A 7.6 HIGH
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.