Total
262230 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41861 | 1 Adobe | 1 Substance 3d Sampler | 2024-08-14 | 5.5 Medium |
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-41860 | 1 Adobe | 1 Substance 3d Sampler | 2024-08-14 | 5.5 Medium |
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-52554 | 2024-08-14 | N/A | ||
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-41613 | 1 Symphony-cms | 1 Symphony Cms | 2024-08-14 | 6.1 Medium |
A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note. | ||||
CVE-2024-41941 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 4.3 Medium |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization. | ||||
CVE-2023-39249 | 2024-08-14 | 6.3 Medium | ||
Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | ||||
CVE-2024-27807 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-14 | 4.3 Medium |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging. | ||||
CVE-2024-21766 | 1 Intel | 1 Oneapi Math Kernel Library | 2024-08-14 | 6.7 Medium |
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 9.1 Critical |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | ||||
CVE-2024-41939 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 8.8 High |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | ||||
CVE-2024-23785 | 2024-08-14 | N/A | ||
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | ||||
CVE-2024-41938 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 5.5 Medium |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | ||||
CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-08-14 | 6.7 Medium |
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
CVE-2024-41907 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 4.2 Medium |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack. | ||||
CVE-2024-21857 | 1 Intel | 1 Oneapi Compiler Software | 2024-08-14 | 6.7 Medium |
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-41906 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 4.8 Medium |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | ||||
CVE-2023-40817 | 1 Opencrx | 1 Opencrx | 2024-08-14 | 6.1 Medium |
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. | ||||
CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 6.8 Medium |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. | ||||
CVE-2024-23786 | 2024-08-14 | N/A | ||
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | ||||
CVE-2024-39283 | 1 Intel | 1 Tdx Module Software | 2024-08-14 | 6 Medium |
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. |