Total
81867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8864 | 1 Composio | 1 Composio | 2024-09-17 | 5.2 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-39585 | 1 Dell | 1 Smartfabric Os10 | 2024-09-17 | N/A | 8.1 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. | |||||
| CVE-2024-42365 | 1 Asterisk | 2 Asterisk, Certified Asterisk | 2024-09-16 | N/A | 8.8 HIGH |
| Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. | |||||
| CVE-2024-42489 | 1 Xwiki | 1 Pro Macros | 2024-09-16 | N/A | 8.8 HIGH |
| Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1. | |||||
| CVE-2024-0108 | 1 Nvidia | 17 Jetson Agx Xavier, Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb and 14 more | 2024-09-16 | N/A | 8.8 HIGH |
| NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges. | |||||
| CVE-2024-28991 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | N/A | 8.8 HIGH |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. | |||||
| CVE-2024-45855 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 7.5 HIGH |
| Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it. | |||||
| CVE-2024-23599 | 2024-09-16 | N/A | 7.9 HIGH | ||
| Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-41833 | 2024-09-16 | N/A | 7.5 HIGH | ||
| A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21829 | 2024-09-16 | N/A | 7.5 HIGH | ||
| Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-42772 | 2024-09-16 | N/A | 8.2 HIGH | ||
| Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-43626 | 2024-09-16 | N/A | 7.5 HIGH | ||
| Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21871 | 2024-09-16 | N/A | 7.5 HIGH | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21781 | 2024-09-16 | N/A | 7.2 HIGH | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | |||||
| CVE-2024-45854 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 7.5 HIGH |
| Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it. | |||||
| CVE-2024-45853 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 7.5 HIGH |
| Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction. | |||||
| CVE-2024-45852 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 8.8 HIGH |
| Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. | |||||
| CVE-2024-45851 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 8.8 HIGH |
| An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | |||||
| CVE-2024-45850 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 8.8 HIGH |
| An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | |||||
| CVE-2024-45849 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 8.8 HIGH |
| An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | |||||