Total
18198 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2024-12-10 | 9.1 Critical |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
CVE-2024-38076 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2024-12-10 | 9.8 Critical |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
CVE-2024-38074 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-12-10 | 9.8 Critical |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
CVE-2024-38182 | 2024-12-10 | 9 Critical | ||
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||
CVE-2024-38077 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-12-10 | 9.8 Critical |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
CVE-2024-43468 | 2024-12-10 | 9.8 Critical | ||
Microsoft Configuration Manager Remote Code Execution Vulnerability | ||||
CVE-2024-38124 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-12-10 | 9 Critical |
Windows Netlogon Elevation of Privilege Vulnerability | ||||
CVE-2023-36434 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 9.8 Critical |
Windows IIS Server Elevation of Privilege Vulnerability | ||||
CVE-2023-35349 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 9.8 Critical |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
CVE-2020-20735 | 1 8cms | 1 Ljcms | 2024-12-10 | 9.8 Critical |
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter. | ||||
CVE-2020-20718 | 1 Pluck-cms | 1 Pluckcms | 2024-12-10 | 9.8 Critical |
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter. | ||||
CVE-2020-20703 | 1 Vim | 1 Vim | 2024-12-10 | 9.8 Critical |
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. | ||||
CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | 9.8 Critical |
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | ||||
CVE-2020-21174 | 1 Feehi | 1 Feehicms | 2024-12-10 | 9.8 Critical |
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. | ||||
CVE-2024-47578 | 2024-12-10 | 9.1 Critical | ||
Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable. | ||||
CVE-2023-36754 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-12-10 | 9.1 Critical |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | ||||
CVE-2024-36461 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 9.1 Critical |
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | ||||
CVE-2020-21474 | 1 Nucleuscms | 1 Nucleuscms | 2024-12-10 | 9.8 Critical |
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. | ||||
CVE-2023-27992 | 1 Zyxel | 6 Nas326, Nas326 Firmware, Nas540 and 3 more | 2024-12-10 | 9.8 Critical |
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. | ||||
CVE-2024-33610 | 2024-12-10 | 9.1 Critical | ||
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. |