Total
92963 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38640 | 1 Qnap | 1 Download Station | 2024-09-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later | |||||
| CVE-2024-44996 | 1 Linux | 1 Linux Kernel | 2024-09-16 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen: vsock_bpf_recvmsg() -> __vsock_recvmsg() -> vsock_connectible_recvmsg() -> prot->recvmsg() -> vsock_bpf_recvmsg() again We need to fix it by calling the original ->recvmsg() without any BPF sockmap logic in __vsock_recvmsg(). | |||||
| CVE-2024-34134 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-16 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-41873 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-09-16 | N/A | 5.5 MEDIUM |
| Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-41872 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-09-16 | N/A | 5.5 MEDIUM |
| Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-41870 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-09-16 | N/A | 5.5 MEDIUM |
| Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-6789 | 1 M-files | 1 M-files Server | 2024-09-16 | N/A | 6.5 MEDIUM |
| A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files | |||||
| CVE-2024-44995 | 1 Linux | 1 Linux Kernel | 2024-09-15 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start │ ▼ ...... setup tc │ │ ▼ ▼ DOWN: napi_disable() napi_disable()(skip) │ │ │ ▼ ▼ ...... ...... │ │ ▼ │ napi_enable() │ ▼ UINIT: netif_napi_del() │ ▼ ...... │ ▼ INIT: netif_napi_add() │ ▼ ...... global reset start │ │ ▼ ▼ UP: napi_enable()(skip) ...... │ │ ▼ ▼ ...... napi_disable() In reset process, the driver will DOWN the port and then UINIT, in this case, the setup tc process will UP the port before UINIT, so cause the problem. Adds a DOWN process in UINIT to fix it. | |||||
| CVE-2024-46686 | 1 Linux | 1 Linux Kernel | 2024-09-14 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. | |||||
| CVE-2024-46685 | 1 Linux | 1 Linux Kernel | 2024-09-14 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. | |||||
| CVE-2024-4550 | 2024-09-14 | N/A | 6.7 MEDIUM | ||
| A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2024-45105 | 2024-09-14 | N/A | 6.7 MEDIUM | ||
| An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2024-3100 | 2024-09-14 | N/A | 6.7 MEDIUM | ||
| A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2024-8059 | 2024-09-14 | N/A | 4.3 MEDIUM | ||
| IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters. | |||||
| CVE-2024-7756 | 2024-09-14 | N/A | 6.8 MEDIUM | ||
| A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. | |||||
| CVE-2024-45101 | 2024-09-14 | N/A | 6.8 MEDIUM | ||
| A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. | |||||
| CVE-2024-42037 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-13 | N/A | 6.2 MEDIUM |
| Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-32762 | 1 Qnap | 1 Qulog Center | 2024-09-13 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later | |||||
| CVE-2024-27125 | 1 Qnap | 1 Helpdesk | 2024-09-13 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later | |||||
| CVE-2024-5624 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session | |||||