Total
82278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33064 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | N/A | 8.2 HIGH |
| Information disclosure while parsing the multiple MBSSID IEs from the beacon. | |||||
| CVE-2024-33069 | 1 Qualcomm | 88 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 85 more | 2024-10-16 | N/A | 7.5 HIGH |
| Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | |||||
| CVE-2024-33070 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | N/A | 7.5 HIGH |
| Transient DOS while parsing ESP IE from beacon/probe response frame. | |||||
| CVE-2024-33071 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | N/A | 7.5 HIGH |
| Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. | |||||
| CVE-2024-44775 | 2024-10-16 | N/A | 7.5 HIGH | ||
| An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request. | |||||
| CVE-2024-44734 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | |||||
| CVE-2024-44729 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. | |||||
| CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2024-10-16 | N/A | 7.1 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-38029 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-10-16 | N/A | 7.5 HIGH |
| Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | |||||
| CVE-2024-43365 | 1 Cacti | 1 Cacti | 2024-10-16 | N/A | 8.2 HIGH |
| Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-45291 | 1 Phpoffice | 1 Phpspreadsheet | 2024-10-16 | N/A | 8.8 HIGH |
| PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability. | |||||
| CVE-2024-38399 | 1 Qualcomm | 80 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 77 more | 2024-10-16 | N/A | 7.8 HIGH |
| Memory corruption while processing user packets to generate page faults. | |||||
| CVE-2024-47194 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | N/A | 7.3 HIGH |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. | |||||
| CVE-2024-47195 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | N/A | 7.3 HIGH |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. | |||||
| CVE-2024-8422 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-10-16 | N/A | 7.8 HIGH |
| CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | |||||
| CVE-2024-8215 | 1 Payara | 1 Payara | 2024-10-16 | N/A | 8.4 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. | |||||
| CVE-2024-47559 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 8.8 HIGH |
| Authenticated RCE via Path Traversal | |||||
| CVE-2024-47558 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 8.8 HIGH |
| Authenticated RCE via Path Traversal | |||||
| CVE-2024-37982 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 7.8 HIGH |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
| CVE-2024-37979 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-10-16 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||