Total
262913 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38242 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-09-14 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38241 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-09-14 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38240 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-09-14 | 8.1 High |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | ||||
CVE-2024-38236 | 1 Microsoft | 8 Windows Server 2008 R2, Windows Server 2008 Sp2, Windows Server 2012 and 5 more | 2024-09-14 | 7.5 High |
DHCP Server Service Denial of Service Vulnerability | ||||
CVE-2024-38230 | 1 Microsoft | 4 Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and 1 more | 2024-09-14 | 6.5 Medium |
Windows Standards-Based Storage Management Service Denial of Service Vulnerability | ||||
CVE-2024-38188 | 1 Microsoft | 1 Azure Network Watcher Agent For Windows | 2024-09-14 | 7.1 High |
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-38220 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-14 | 9 Critical |
Azure Stack Hub Elevation of Privilege Vulnerability | ||||
CVE-2024-38216 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-14 | 8.2 High |
Azure Stack Hub Elevation of Privilege Vulnerability | ||||
CVE-2024-38018 | 1 Microsoft | 1 Sharepoint Server | 2024-09-14 | 8.8 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2024-26191 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 8.8 High |
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | ||||
CVE-2024-26186 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 8.8 High |
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | ||||
CVE-2024-37342 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 7.1 High |
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | ||||
CVE-2024-37337 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 7.1 High |
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | ||||
CVE-2024-37339 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 8.8 High |
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | ||||
CVE-2024-37340 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 8.8 High |
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | ||||
CVE-2024-37335 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 8.8 High |
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | ||||
CVE-2024-37966 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 7.1 High |
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | ||||
CVE-2024-37338 | 1 Microsoft | 1 Sql Server | 2024-09-14 | 8.8 High |
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | ||||
CVE-2024-1394 | 1 Redhat | 23 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 20 more | 2024-09-14 | 7.5 High |
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | ||||
CVE-2023-4959 | 1 Redhat | 1 Quay | 2024-09-14 | 6.5 Medium |
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). |