Search Results (363508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-25092 1 Xlplugins 1 Nextmove 2024-11-21 8.8 High
Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.
CVE-2024-25089 1 Malwarebytes 1 Binisoft Windows Firewall Control 2024-11-21 9.8 Critical
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.
CVE-2024-25088 2 Jungo, Mitsubishielectric 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more 2024-11-21 7.8 High
Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.
CVE-2024-25086 2 Jungo, Mitsubishielectric 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more 2024-11-21 7.8 High
Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
CVE-2024-25052 1 Ibm 1 Jazz Reporting Service 2024-11-21 4.4 Medium
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.
CVE-2024-25031 1 Ibm 2 Storage Defender, Storage Defender Resiliency Service 2024-11-21 6.5 Medium
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.
CVE-2024-25023 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-11-21 5.5 Medium
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.
CVE-2024-25007 1 Ericsson 1 Network Manager 2024-11-21 7.1 High
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.
CVE-2024-24974 1 Openvpn 1 Openvpn 2024-11-21 7.5 High
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
CVE-2024-24943 1 Jetbrains 1 Toolbox 2024-11-21 5.3 Medium
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
CVE-2024-24942 1 Jetbrains 1 Teamcity 2024-11-21 5.3 Medium
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
CVE-2024-24941 1 Jetbrains 1 Intellij Idea 2024-11-21 6.1 Medium
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
CVE-2024-24939 1 Jetbrains 1 Rider 2024-11-21 3.3 Low
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
CVE-2024-24937 1 Jetbrains 1 Teamcity 2024-11-21 4.6 Medium
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
CVE-2024-24936 1 Jetbrains 1 Teamcity 2024-11-21 4.3 Medium
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
CVE-2024-24925 1 Siemens 1 Simcenter Femap 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)
CVE-2024-24920 1 Siemens 1 Simcenter Femap 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)
CVE-2024-24864 1 Linux 1 Linux Kernel 2024-11-21 5.3 Medium
A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
CVE-2024-24829 1 Sentry 1 Sentry 2024-11-21 4.3 Medium
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-24828 1 Vercel 1 Pkg 2024-11-21 6.6 Medium
pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.