Vulnerabilities (CVE)

Total 79772 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-38195 1 Microsoft 1 Azure Cyclecloud 2024-08-15 N/A 7.8 HIGH
Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-38196 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-08-15 N/A 7.8 HIGH
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-38198 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-08-15 N/A 7.5 HIGH
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-38201 1 Microsoft 1 Azure Stack Hub 2024-08-15 N/A 7.0 HIGH
Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38211 1 Microsoft 1 Dynamics 365 2024-08-15 N/A 8.2 HIGH
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-42944 1 Tenda 2 Fh1201, Fh1201 Firmware 2024-08-15 N/A 7.5 HIGH
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-7326 1 Itopvpn 1 Dualsafe Password Manager 2024-08-15 6.8 MEDIUM 7.8 HIGH
A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7661 1 Oretnom23 1 Car Driving School Management System 2024-08-15 5.0 MEDIUM 8.8 HIGH
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7659 1 Projectsend 1 Projectsend 2024-08-15 2.6 LOW 7.5 HIGH
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component.
CVE-2024-38134 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-08-15 N/A 7.8 HIGH
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-42628 1 Frogcms Project 1 Frogcms 2024-08-15 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3.
CVE-2024-42624 1 Frogcms Project 1 Frogcms 2024-08-15 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10.
CVE-2024-38653 1 Ivanti 1 Avalanche 2024-08-15 N/A 7.5 HIGH
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVE-2024-37399 1 Ivanti 1 Avalanche 2024-08-15 N/A 7.5 HIGH
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVE-2024-37373 1 Ivanti 1 Avalanche 2024-08-15 N/A 7.2 HIGH
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVE-2024-36136 1 Ivanti 1 Avalanche 2024-08-15 N/A 7.5 HIGH
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVE-2024-39422 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-08-15 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39423 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-08-15 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39424 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-08-15 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39425 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-08-15 N/A 7.0 HIGH
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high.