Total
262195 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-20932 | 3 Netapp, Oracle, Redhat | 13 Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent, Oncommand Insight and 10 more | 2024-08-30 | 7.5 High |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | ||||
CVE-2023-32662 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-08-30 | 6.7 Medium |
Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-38786 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-08-30 | 6.7 Medium |
Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-24379 | 1 Intel | 4 Server Board M70klp2sb, Server Board M70klp2sb Firmware, Server System M70klp4s2uhh and 1 more | 2024-08-30 | 7.5 High |
Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-45232 | 2 In2code, Typo3 | 2 Powermail, Typo3 | 2024-08-30 | 7.3 High |
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0 | ||||
CVE-2024-37079 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-30 | 9.8 Critical |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
CVE-2024-45233 | 2 In2code, Typo3 | 2 Powermail, Typo3 | 2024-08-30 | 7.3 High |
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0. | ||||
CVE-2024-8250 | 1 Wireshark | 1 Wireshark | 2024-08-30 | 7.8 High |
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file | ||||
CVE-2024-38795 | 1 Cridio | 1 Listingpro | 2024-08-30 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4. | ||||
CVE-2024-39620 | 1 Cridio | 1 Listingpro | 2024-08-30 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4. | ||||
CVE-2024-39622 | 1 Cridio | 1 Listingpro | 2024-08-30 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4. | ||||
CVE-2023-33878 | 1 Intel | 2 Audio Install Package, Nuc P14e Laptop Element Cmcn1cc | 2024-08-30 | 6.7 Medium |
Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-43939 | 2 Victory Media Llc, Zynith | 2 Zynith, Zynith | 2024-08-30 | 6.5 Medium |
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9. | ||||
CVE-2024-43940 | 2 Victory Media Llc, Zynith | 2 Zynith, Zynith | 2024-08-30 | 6.5 Medium |
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9. | ||||
CVE-2023-28377 | 1 Intel | 3 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa, Usb Firmware | 2024-08-30 | 6.7 Medium |
Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-43954 | 1 Themeum | 1 Droip | 2024-08-30 | 6.3 Medium |
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1. | ||||
CVE-2024-43955 | 1 Themeum | 1 Droip | 2024-08-30 | 10 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1. | ||||
CVE-2024-43950 | 1 Nextbricks | 1 Bricksore | 2024-08-30 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5. | ||||
CVE-2024-44070 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-08-30 | 9.8 Critical |
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. | ||||
CVE-2024-43951 | 1 Cryoutcreations | 1 Tempera | 2024-08-30 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Tempera allows Stored XSS.This issue affects Tempera: from n/a through 1.8.2. |