Total
1862 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28115 | 1 Amazon | 1 Freertos | 2024-11-21 | N/A | 8.8 HIGH |
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protection Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. | |||||
CVE-2024-28087 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes an IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not customizable. | |||||
CVE-2024-28016 | | | 2024-11-21 | N/A | N/A |
Improper Access Control vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows an attacker to get device information via the internet. | |||||
CVE-2024-27841 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory. | |||||
CVE-2024-27790 | | | 2024-11-21 | N/A | 7.5 HIGH |
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests. | |||||
CVE-2024-27602 | | | 2024-11-21 | N/A | 9.1 CRITICAL |
Alldata V0.4.6 is vulnerable to Incorrect Access Control. The interface documents of many modules have been leaked. For example, the /api/system/v2/api-docs module. | |||||
CVE-2024-27497 | | | 2024-11-21 | N/A | 8.8 HIGH |
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. | |||||
CVE-2024-27348 | 2 Apache, Oracle | 3 Hugegraph, Jdk, Jre | 2024-11-21 | N/A | 9.8 CRITICAL |
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | |||||
CVE-2024-27264 | | | 2024-11-21 | N/A | 7.4 HIGH |
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | |||||
CVE-2024-26310 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges. | |||||
CVE-2024-26234 | | | 2024-11-21 | N/A | 6.7 MEDIUM |
Proxy Driver Spoofing Vulnerability | |||||
CVE-2024-26203 | | | 2024-11-21 | N/A | 7.3 HIGH |
Azure Data Studio Elevation of Privilege Vulnerability | |||||
CVE-2024-26201 | | | 2024-11-21 | N/A | 6.6 MEDIUM |
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | |||||
CVE-2024-26139 | | | 2024-11-21 | N/A | 8.3 HIGH |
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application. | |||||
CVE-2024-26119 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
CVE-2024-26029 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 7.5 HIGH |
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and disclose information. Exploitation of this issue does not require user interaction. | |||||
CVE-2024-25981 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | |||||
CVE-2024-25980 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | |||||
CVE-2024-25962 | | | 2024-11-21 | N/A | 8.3 HIGH |
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | |||||
CVE-2024-25852 | | | 2024-11-21 | N/A | 8.8 HIGH |
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. |