Search Results (363437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-21901 1 Qnap 2 Myqnapcloud, Qts 2024-11-21 4.7 Medium
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later
CVE-2024-21899 1 Qnap 3 Qts, Quts Hero, Qutscloud 2024-11-21 9.8 Critical
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
CVE-2024-21894 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 9.8 Critical
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
CVE-2024-21863 1 Openatom 1 Openharmony 2024-11-21 4.7 Medium
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2024-21860 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
CVE-2024-21852 1 Rapidscada 1 Rapid Scada 2024-11-21 8.8 High
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.
CVE-2024-21851 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2024-21845 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2024-21840 1 Hitachi 1 Storage Plug-in 2024-11-21 7.9 High
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
CVE-2024-21835 1 Intel 1 Extreme Tuning Utility 2024-11-21 6.7 Medium
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21796 1 Dfeg 1 Electronic Deliverables Creation Support Tool 2024-11-21 5.5 Medium
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVE-2024-21764 1 Rapidscada 1 Rapid Scada 2024-11-21 9.8 Critical
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.
CVE-2024-21761 1 Fortinet 1 Fortiportal 2024-11-21 3.9 Low
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.
CVE-2024-21759 1 Fortinet 1 Fortiportal 2024-11-21 3.9 Low
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
CVE-2024-21751 1 Yoginetwork 1 Rabbitloader 2024-11-21 5.4 Medium
Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.
CVE-2024-21748 1 Icegram 1 Icegram Express 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.
CVE-2024-21734 1 Sap 1 Marketing 2024-11-21 3.7 Low
SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.
CVE-2024-21674 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 7.5 High
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).
CVE-2024-21671 1 Vantage6 1 Vantage6 2024-11-21 3.7 Low
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.
CVE-2024-21670 1 Hyperledger 1 Ursa 2024-11-21 6.5 Medium
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.