Total
56580 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8306 | 1 Schneider-electric | 2 Vijeo Designer, Vijeo Designer Embedded In Ecostruxure Machine Expert | 2024-09-18 | 7.8 High |
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries. | ||||
CVE-2024-21871 | 1 Intel | 153 Celeron G3900 Firmware, Celeron G3900te Firmware, Core I3-6100 Firmware and 150 more | 2024-09-18 | 7.5 High |
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-39378 | 3 Adobe, Apple, Microsoft | 3 Audition, Mac Os X, Windows | 2024-09-18 | 7.8 High |
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-20430 | 1 Cisco | 2 Meraki Systems Manager, Meraki Systems Manager Agent | 2024-09-18 | 7.3 High |
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. | ||||
CVE-2023-48171 | 1 Owasp | 1 Defectdojo | 2024-09-18 | 8.8 High |
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | ||||
CVE-2024-8749 | 2 I-doit, Synetics | 2 I-doit, Idoit Pro | 2024-09-18 | 8.8 High |
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database. | ||||
CVE-2024-42485 | 2 Filament, Pxlrbt | 2 Excel Export, Filament Excel | 2024-09-18 | 7.5 High |
Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the URL. Patched with Version v2.3.3. | ||||
CVE-2024-8012 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | 7.8 High |
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | 8.8 High |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | ||||
CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-44105 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.2 High |
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | ||||
CVE-2024-44104 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-45041 | 1 External-secrets | 2 External-secrets, External Secrets Operator | 2024-09-18 | 8.3 High |
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It also has path/update verb of validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2. | ||||
CVE-2024-44103 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-43327 | 1 Teleogistic | 1 Invite Anyone | 2024-09-18 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7. | ||||
CVE-2023-37233 | 1 Loftware | 1 Spectrum | 2024-09-18 | 8.8 High |
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. | ||||
CVE-2023-37234 | 1 Loftware | 1 Spectrum | 2024-09-18 | 7.5 High |
Loftware Spectrum through 4.6 has unprotected JMX Registry. | ||||
CVE-2023-37232 | 1 Loftware | 1 Spectrum | 2024-09-18 | 7.5 High |
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor. | ||||
CVE-2024-5290 | 2 Canonical, W1.fi | 2 Ubuntu Linux, Wpa Supplicant | 2024-09-18 | 8.8 High |
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. | ||||
CVE-2024-8269 | 2 Fluxbuilder, Inspireui | 2 Mstore Api, Mstore Api | 2024-09-18 | 7.3 High |
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the register() function. This makes it possible for unauthenticated attackers to create user accounts on sites, even when user registration is disabled and plugin functionality is not activated. |