Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-22016 1 Rapidscada 1 Rapid Scada 2024-11-21 7.8 High
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.
CVE-2024-21916 1 Rockwellautomation 6 Controllogix 5570 Controller, Controllogix 5570 Controller Firmware, Controllogix 5570 Redundant Controller and 3 more 2024-11-21 8.6 High
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.
CVE-2024-21902 1 Qnap 2 Qts, Quts Hero 2024-11-21 6.4 Medium
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
CVE-2024-21901 1 Qnap 2 Myqnapcloud, Qts 2024-11-21 4.7 Medium
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later
CVE-2024-21899 1 Qnap 3 Qts, Quts Hero, Qutscloud 2024-11-21 9.8 Critical
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
CVE-2024-21894 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 9.8 Critical
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
CVE-2024-21863 1 Openatom 1 Openharmony 2024-11-21 4.7 Medium
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2024-21860 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
CVE-2024-21852 1 Rapidscada 1 Rapid Scada 2024-11-21 8.8 High
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.
CVE-2024-21851 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2024-21845 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2024-21840 1 Hitachi 1 Storage Plug-in 2024-11-21 7.9 High
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
CVE-2024-21835 1 Intel 1 Extreme Tuning Utility 2024-11-21 6.7 Medium
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21796 1 Dfeg 1 Electronic Deliverables Creation Support Tool 2024-11-21 5.5 Medium
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVE-2024-21764 1 Rapidscada 1 Rapid Scada 2024-11-21 9.8 Critical
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.
CVE-2024-21761 1 Fortinet 1 Fortiportal 2024-11-21 3.9 Low
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.
CVE-2024-21759 1 Fortinet 1 Fortiportal 2024-11-21 3.9 Low
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
CVE-2024-21751 1 Yoginetwork 1 Rabbitloader 2024-11-21 5.4 Medium
Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.
CVE-2024-21748 1 Icegram 1 Icegram Express 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.
CVE-2024-21734 1 Sap 1 Marketing 2024-11-21 3.7 Low
SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.