Total 262923 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45103 2024-09-14 4.3 Medium
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
CVE-2024-45101 1 Lenovo 1 Xclarity Administrator 2024-09-14 6.8 Medium
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
CVE-2024-3100 2024-09-14 6.7 Medium
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2024-31415 1 Eaton 1 Foreseer Electrical Power Monitoring System 2024-09-14 6.3 Medium
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration.
CVE-2024-31414 1 Eaton 1 Foreseer Electrical Power Monitoring System 2024-09-14 6.7 Medium
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.
CVE-2024-6867 1 Lunary-ai 1 Lunary-ai/lunary 2024-09-14 N/A
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access rights to the run(s) they are accessing. As a result, it returns not only the specified run but also all runs that have the `run_id` listed as their parent run. This issue affects the main branch, commit a761d833. The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run.
CVE-2024-5754 2024-09-14 8.2 High
BT: Encryption procedure host vulnerability
CVE-2024-44096 2024-09-14 N/A
There is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29779 2024-09-14 N/A
There is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-6259 2024-09-14 7.6 High
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
CVE-2024-44430 2024-09-14 N/A
SQL Injection vulnerability in Best Free Law Office Management Software v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface.
CVE-2024-6258 2024-09-14 6.8 Medium
BT: Missing length checks of net_buf in rfcomm_handle_data
CVE-2024-8039 2024-09-14 N/A
Improper permission configuration. Domain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
CVE-2024-2236 1 Redhat 1 Enterprise Linux 2024-09-14 5.9 Medium
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
CVE-2024-8190 1 Ivanti 1 Endpoint Manager Cloud Services Appliance 2024-09-14 7.2 High
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
CVE-2024-6387 9 Amazon, Canonical, Debian and 6 more 24 Linux 2023, Ubuntu Linux, Debian Linux and 21 more 2024-09-14 8.1 High
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVE-2023-5156 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2024-09-14 7.5 High
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
CVE-2024-45617 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-14 3.9 Low
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
CVE-2024-45616 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-14 3.9 Low
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
CVE-2024-45615 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-09-14 3.9 Low
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).