Total
79741 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41904 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.5 HIGH |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys. | |||||
CVE-2024-41903 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.2 HIGH |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption. | |||||
CVE-2024-41681 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 7.5 HIGH |
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device. | |||||
CVE-2024-36398 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 7.8 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | |||||
CVE-2024-41864 | 1 Adobe | 1 Substance 3d Designer | 2024-08-14 | N/A | 7.8 HIGH |
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-38153 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-14 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2024-38152 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-14 | N/A | 7.8 HIGH |
Windows OLE Remote Code Execution Vulnerability | |||||
CVE-2024-38150 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 5 more | 2024-08-14 | N/A | 7.8 HIGH |
Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
CVE-2024-41939 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 8.8 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | |||||
CVE-2024-21801 | 2024-08-14 | N/A | 7.1 HIGH | ||
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2023-42667 | 2024-08-14 | N/A | 7.8 HIGH | ||
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-21807 | 2024-08-14 | N/A | 8.8 HIGH | ||
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-21810 | 2024-08-14 | N/A | 8.8 HIGH | ||
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-24853 | 2024-08-14 | N/A | 7.2 HIGH | ||
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-38106 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-08-14 | N/A | 7.0 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2024-42738 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-14 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-38178 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-08-14 | N/A | 7.5 HIGH |
Scripting Engine Memory Corruption Vulnerability | |||||
CVE-2024-38107 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-08-14 | N/A | 7.8 HIGH |
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | |||||
CVE-2024-42739 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-14 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-39401 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | N/A | 8.4 HIGH |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. |