Total
10018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26181 | 2024-06-11 | N/A | 5.5 MEDIUM | ||
| Windows Kernel Denial of Service Vulnerability | |||||
| CVE-2024-26173 | 2024-06-11 | N/A | 7.8 HIGH | ||
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-28103 | 1 Rubyonrails | 1 Rails | 2024-06-11 | N/A | 9.8 CRITICAL |
| Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. | |||||
| CVE-2024-21388 | 1 Microsoft | 1 Edge Chromium | 2024-06-11 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2024-21304 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-06-11 | N/A | 4.1 MEDIUM |
| Trusted Compute Base Elevation of Privilege Vulnerability | |||||
| CVE-2024-20666 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-06-11 | N/A | 6.6 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2024-3096 | 2024-06-10 | N/A | 6.5 MEDIUM | ||
| In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. | |||||
| CVE-2024-2756 | 2024-06-10 | N/A | 6.5 MEDIUM | ||
| Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. | |||||
| CVE-2024-25581 | 2024-06-10 | N/A | 7.5 HIGH | ||
| When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default. | |||||
| CVE-2024-25046 | 2024-06-10 | N/A | 5.3 MEDIUM | ||
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953. | |||||
| CVE-2024-27254 | 2024-06-10 | N/A | 5.3 MEDIUM | ||
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813. | |||||
| CVE-2024-25641 | 2024-06-10 | N/A | 9.1 CRITICAL | ||
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. | |||||
| CVE-2024-22360 | 2024-06-10 | N/A | 5.3 MEDIUM | ||
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | |||||
| CVE-2023-52296 | 2024-06-10 | N/A | 5.3 MEDIUM | ||
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547. | |||||
| CVE-2021-37147 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. | |||||
| CVE-2024-36390 | 2024-06-03 | N/A | 7.5 HIGH | ||
| MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service | |||||
| CVE-2024-23668 | 2024-06-03 | N/A | 8.8 HIGH | ||
| An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | |||||
| CVE-2024-3829 | 2024-06-03 | N/A | 9.8 CRITICAL | ||
| qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0. | |||||
| CVE-2024-22338 | 2024-05-31 | N/A | 4.0 MEDIUM | ||
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | |||||
| CVE-2024-3584 | 2024-05-30 | N/A | 9.8 CRITICAL | ||
| qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0. | |||||