Total
10018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33996 | 2024-07-03 | N/A | 6.2 MEDIUM | ||
| Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | |||||
| CVE-2024-33792 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
| CVE-2024-32371 | 2024-07-03 | N/A | 7.5 HIGH | ||
| An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | |||||
| CVE-2024-31965 | 2024-07-03 | N/A | 4.2 MEDIUM | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information. | |||||
| CVE-2024-31865 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | |||||
| CVE-2024-31860 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | |||||
| CVE-2024-31841 | 2024-07-03 | N/A | 7.5 HIGH | ||
| An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. | |||||
| CVE-2024-2257 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
| This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats. | |||||
| CVE-2024-24981 | 2024-07-03 | N/A | 7.5 HIGH | ||
| Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-23707 | 2024-07-03 | N/A | 7.8 HIGH | ||
| In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-23706 | 2024-07-03 | N/A | 7.4 HIGH | ||
| In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-23705 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-23263 | 2024-07-03 | N/A | 8.1 HIGH | ||
| A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
| CVE-2024-23246 | 2024-07-03 | N/A | 8.1 HIGH | ||
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. | |||||
| CVE-2024-22390 | 2024-07-03 | N/A | 4.4 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service. | |||||
| CVE-2024-22015 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access. | |||||
| CVE-2024-20034 | 2024-07-03 | N/A | 7.2 HIGH | ||
| In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849. | |||||
| CVE-2024-20004 | 1 Mediatek | 21 Mt2735, Mt6297, Mt6833 and 18 more | 2024-07-03 | N/A | 7.5 HIGH |
| In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). | |||||
| CVE-2024-20003 | 1 Mediatek | 21 Mt2735, Mt6297, Mt6833 and 18 more | 2024-07-03 | N/A | 7.5 HIGH |
| In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). | |||||
| CVE-2023-48368 | 2024-07-03 | N/A | 5.9 MEDIUM | ||
| Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | |||||