Total
263457 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29848 | 2024-09-19 | N/A | ||
| An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-7254 | 2024-09-19 | N/A | ||
| Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | ||||
| CVE-2024-27348 | 1 Apache | 1 Hugegraph-server | 2024-09-19 | 9.8 Critical |
| RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | ||||
| CVE-2019-1069 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-09-19 | 7.8 High |
| An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-14644 | 1 Oracle | 1 Weblogic Server | 2024-09-19 | 9.8 Critical |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2022-21445 | 1 Oracle | 1 Jdeveloper | 2024-09-19 | 9.8 Critical |
| Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2020-0618 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | ||||
| CVE-2024-29968 | 2024-09-18 | 7.7 High | ||
| An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. | ||||
| CVE-2024-29964 | 2024-09-18 | 5.7 Medium | ||
| Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. | ||||
| CVE-2024-40754 | 1 Samsung Open Source | 1 Escargot | 2024-09-18 | 9.8 Critical |
| Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0. | ||||
| CVE-2024-47059 | 2024-09-18 | 0 Low | ||
| When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak. However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification. This difference could be used to perform username enumeration. | ||||
| CVE-2024-37406 | 2024-09-18 | N/A | ||
| In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. | ||||
| CVE-2023-4162 | 1 Brocade | 1 Fabric Operating System | 2024-09-18 | 4.4 Medium |
| A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“. | ||||
| CVE-2023-31429 | 1 Broadcom | 1 Fabric Operating System | 2024-09-18 | 5.5 Medium |
| Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | ||||
| CVE-2022-25770 | 2024-09-18 | 7.8 High | ||
| Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. | ||||
| CVE-2021-27917 | 2024-09-18 | 7.3 High | ||
| Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | ||||
| CVE-2022-25777 | 2024-09-18 | 6.5 Medium | ||
| Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. | ||||
| CVE-2022-25776 | 2024-09-18 | 8.3 High | ||
| Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. | ||||
| CVE-2022-25775 | 1 Mautic | 1 Mautic | 2024-09-18 | 6.6 Medium |
| Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. | ||||
| CVE-2021-27916 | 2024-09-18 | 8.1 High | ||
| Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. | ||||