Total
262923 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45103 | 2024-09-14 | 4.3 Medium | ||
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | ||||
CVE-2024-45101 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-14 | 6.8 Medium |
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. | ||||
CVE-2024-3100 | 2024-09-14 | 6.7 Medium | ||
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. | ||||
CVE-2024-31415 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-09-14 | 6.3 Medium |
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. | ||||
CVE-2024-31414 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-09-14 | 6.7 Medium |
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. | ||||
CVE-2024-6867 | 1 Lunary-ai | 1 Lunary-ai\/lunary | 2024-09-14 | N/A |
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access rights to the run(s) they are accessing. As a result, it returns not only the specified run but also all runs that have the `run_id` listed as their parent run. This issue affects the main branch, commit a761d833. The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run. | ||||
CVE-2024-5754 | 2024-09-14 | 8.2 High | ||
BT: Encryption procedure host vulnerability | ||||
CVE-2024-44096 | 2024-09-14 | N/A | ||
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-29779 | 2024-09-14 | N/A | ||
there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-6259 | 2024-09-14 | 7.6 High | ||
BT: HCI: adv_ext_report Improper discarding in adv_ext_report | ||||
CVE-2024-44430 | 2024-09-14 | N/A | ||
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface | ||||
CVE-2024-6258 | 2024-09-14 | 6.8 Medium | ||
BT: Missing length checks of net_buf in rfcomm_handle_data | ||||
CVE-2024-8039 | 2024-09-14 | N/A | ||
Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. | ||||
CVE-2024-2236 | 1 Redhat | 1 Enterprise Linux | 2024-09-14 | 5.9 Medium |
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. | ||||
CVE-2024-8190 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-09-14 | 7.2 High |
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | ||||
CVE-2024-6387 | 9 Amazon, Canonical, Debian and 6 more | 24 Linux 2023, Ubuntu Linux, Debian Linux and 21 more | 2024-09-14 | 8.1 High |
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | ||||
CVE-2023-5156 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-09-14 | 7.5 High |
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | ||||
CVE-2024-45617 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-14 | 3.9 Low |
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | ||||
CVE-2024-45616 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-14 | 3.9 Low |
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. | ||||
CVE-2024-45615 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-14 | 3.9 Low |
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). |