Total
262923 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45618 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-14 | 3.9 Low |
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | ||||
CVE-2024-4029 | 1 Redhat | 7 Build Keycloak, Jboss Data Grid, Jboss Enterprise Application Platform and 4 more | 2024-09-14 | 4.1 Medium |
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections. | ||||
CVE-2024-3653 | 1 Redhat | 17 Amq Streams, Build Keycloak, Camel Quarkus and 14 more | 2024-09-14 | 5.3 Medium |
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. | ||||
CVE-2024-8509 | 1 Redhat | 1 Migration Toolkit Virtualization | 2024-09-14 | 7.5 High |
A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information. | ||||
CVE-2024-37980 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 8.8 High |
Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
CVE-2024-38222 | 1 Microsoft | 1 Edge Chromium | 2024-09-14 | 6.5 Medium |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-09-14 | 8.4 High |
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | ||||
CVE-2024-43495 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 23h2 | 2024-09-14 | 7.3 High |
Windows libarchive Remote Code Execution Vulnerability | ||||
CVE-2024-43491 | 1 Microsoft | 1 Windows 10 1507 | 2024-09-14 | 9.8 Critical |
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. | ||||
CVE-2024-43487 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2024-09-14 | 6.5 Medium |
Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
CVE-2024-30073 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2024-09-14 | 7.8 High |
Windows Security Zone Mapping Security Feature Bypass Vulnerability | ||||
CVE-2024-43479 | 1 Microsoft | 2 Power Automate, Power Automate For Desktop | 2024-09-14 | 8.5 High |
Microsoft Power Automate Desktop Remote Code Execution Vulnerability | ||||
CVE-2024-43476 | 1 Microsoft | 1 Dynamics 365 | 2024-09-14 | 7.6 High |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
CVE-2024-43475 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2008 Sp2 | 2024-09-14 | 7.3 High |
Microsoft Windows Admin Center Information Disclosure Vulnerability | ||||
CVE-2024-43470 | 1 Microsoft | 1 Azure Network Watcher Agent For Windows | 2024-09-14 | 7.3 High |
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-43469 | 1 Microsoft | 1 Azure Cyclecloud | 2024-09-14 | 8.8 High |
Azure CycleCloud Remote Code Execution Vulnerability | ||||
CVE-2024-43466 | 1 Microsoft | 1 Sharepoint Server | 2024-09-14 | 6.5 Medium |
Microsoft SharePoint Server Denial of Service Vulnerability | ||||
CVE-2024-43461 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2024-09-14 | 8.8 High |
Windows MSHTML Platform Spoofing Vulnerability | ||||
CVE-2024-43458 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-14 | 7.7 High |
Windows Networking Information Disclosure Vulnerability | ||||
CVE-2024-43457 | 1 Microsoft | 1 Windows 11 24h2 | 2024-09-14 | 7.8 High |
Windows Setup and Deployment Elevation of Privilege Vulnerability |