Total
10018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23717 | 2024-08-16 | N/A | 9.1 CRITICAL | ||
| In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-25090 | 1 Apache | 1 Roller | 2024-08-16 | N/A | 5.4 MEDIUM |
| Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue. | |||||
| CVE-2024-32860 | 1 Dell | 44 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R11 and 41 more | 2024-08-16 | N/A | 8.2 HIGH |
| Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
| CVE-2024-38189 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-16 | N/A | 8.8 HIGH |
| Microsoft Project Remote Code Execution Vulnerability | |||||
| CVE-2024-38196 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-15 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-38201 | 1 Microsoft | 1 Azure Stack Hub | 2024-08-15 | N/A | 7.0 HIGH |
| Azure Stack Hub Elevation of Privilege Vulnerability | |||||
| CVE-2024-37373 | 1 Ivanti | 1 Avalanche | 2024-08-15 | N/A | 7.2 HIGH |
| Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | |||||
| CVE-2024-34118 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-7507 | 2024-08-15 | N/A | N/A | ||
| CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller. | |||||
| CVE-2024-7515 | 2024-08-15 | N/A | N/A | ||
| CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. | |||||
| CVE-2023-23397 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-14 | N/A | 9.8 CRITICAL |
| Microsoft Outlook Elevation of Privilege Vulnerability | |||||
| CVE-2023-47003 | 1 Redislabs | 1 Redisgraph | 2024-08-14 | N/A | 9.8 CRITICAL |
| An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | |||||
| CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | |||||
| CVE-2023-34424 | 2024-08-14 | N/A | 4.4 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2024-21810 | 2024-08-14 | N/A | 8.8 HIGH | ||
| Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-31366 | 2024-08-14 | N/A | 3.3 LOW | ||
| Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | |||||
| CVE-2023-36563 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-08-14 | N/A | 5.5 MEDIUM |
| Microsoft WordPad Information Disclosure Vulnerability | |||||
| CVE-2022-2856 | 5 Apple, Fedoraproject, Google and 2 more | 6 Macos, Fedora, Android and 3 more | 2024-08-14 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | |||||
| CVE-2023-31339 | 2024-08-14 | N/A | 4.8 MEDIUM | ||
| Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service. | |||||
| CVE-2024-23600 | 2024-08-13 | N/A | 2.7 LOW | ||
| Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. | |||||