Total
1337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21937 | 1 Amd | 2 Radeon Software, Radeon Software For Hip | 2024-11-27 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2019-1982 | 1 Cisco | 3 Firepower Services Software For Asa, Firepower Threat Defense, Secure Firewall Management Center | 2024-11-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. | |||||
| CVE-2024-6640 | 2024-11-26 | N/A | 6.3 MEDIUM | ||
| In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated. ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table. | |||||
| CVE-2024-6476 | 2024-11-26 | N/A | 4.2 MEDIUM | ||
| Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-46467 | 2024-11-25 | N/A | 7.8 HIGH | ||
| By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONEPOINT has to be modified to prevent this vulnerability. | |||||
| CVE-2024-46466 | 2024-11-25 | N/A | 7.8 HIGH | ||
| By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this vulnerability. | |||||
| CVE-2024-46465 | 2024-11-25 | N/A | 7.8 HIGH | ||
| By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability. | |||||
| CVE-2024-46463 | 2024-11-25 | N/A | 7.8 HIGH | ||
| By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to prevent this vulnerability. | |||||
| CVE-2024-46462 | 2024-11-25 | N/A | 7.8 HIGH | ||
| By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability. | |||||
| CVE-2018-9467 | 1 Google | 1 Android | 2024-11-22 | N/A | 9.8 CRITICAL |
| In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9369 | 1 Google | 1 Android | 2024-11-22 | N/A | 7.3 HIGH |
| In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2018-9432 | 1 Google | 1 Android | 2024-11-22 | N/A | 7.8 HIGH |
| In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-32368 | 2024-11-22 | N/A | 7.3 HIGH | ||
| Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component. | |||||
| CVE-2024-52946 | 2024-11-21 | N/A | 8.8 HIGH | ||
| An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. | |||||
| CVE-2024-28058 | 2024-11-21 | N/A | 7.5 HIGH | ||
| In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data. | |||||
| CVE-2024-6326 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2024-11-21 | N/A | 5.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network. | |||||
| CVE-2024-6325 | 1 Rockwellautomation | 1 Factorytalk Policy Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html | |||||
| CVE-2024-6238 | 2024-11-21 | N/A | 7.4 HIGH | ||
| pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms. | |||||
| CVE-2024-6122 | 1 Ni | 2 Flexlogger, Systemlink | 2024-11-21 | N/A | 5.5 MEDIUM |
| An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. | |||||
| CVE-2024-5967 | 2024-11-21 | N/A | 2.7 LOW | ||
| A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain. | |||||