Total
1790 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21259 | 1 Oracle | 1 Vm Virtualbox | 2024-10-18 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2024-48911 | 1 Thinkst | 1 Opencanary | 2024-10-17 | N/A | 7.8 HIGH |
| OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue. | |||||
| CVE-2024-38425 | 1 Qualcomm | 48 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 45 more | 2024-10-16 | N/A | 6.1 MEDIUM |
| Information disclosure while sending implicit broadcast containing APP launch information. | |||||
| CVE-2024-9623 | 1 Gitlab | 1 Gitlab | 2024-10-16 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | |||||
| CVE-2024-48787 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48786 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48784 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48778 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48772 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48769 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | |||||
| CVE-2024-48792 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-8970 | 2024-10-15 | N/A | 8.2 HIGH | ||
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | |||||
| CVE-2024-45132 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-14 | N/A | 6.5 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45131 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-14 | N/A | 5.4 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45128 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-14 | N/A | 5.4 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45125 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-7266 | 1 Nask | 1 Ezd Rp | 2024-10-10 | N/A | 4.3 MEDIUM |
| Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | |||||
| CVE-2024-7265 | 1 Nask | 1 Ezd Rp | 2024-10-10 | N/A | 8.8 HIGH |
| Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | |||||
| CVE-2024-47780 | 2024-10-10 | N/A | 3.1 LOW | ||
| TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-45160 | 2024-10-10 | N/A | 9.1 CRITICAL | ||
| Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). | |||||