Total
28662 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37970 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8 High |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-37969 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8 High |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-37331 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-37332 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-37318 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-38087 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-38088 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-35270 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-09-19 | 5.3 Medium |
Windows iSCSI Service Denial of Service Vulnerability | ||||
CVE-2024-35264 | 2 Microsoft, Redhat | 4 .net, Visual Studio, Visual Studio 2022 and 1 more | 2024-09-19 | 8.1 High |
.NET and Visual Studio Remote Code Execution Vulnerability | ||||
CVE-2024-30098 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 7.5 High |
Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
CVE-2024-30081 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-09-19 | 7.1 High |
Windows NTLM Spoofing Vulnerability | ||||
CVE-2024-28899 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8.8 High |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-30061 | 1 Microsoft | 1 Dynamics 365 | 2024-09-19 | 7.3 High |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
CVE-2023-45239 | 3 Facebook, Fedoraproject, Meta | 3 Tac Plus, Fedora, Tac Plus | 2024-09-19 | 9.8 Critical |
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | ||||
CVE-2024-32859 | 1 Dell | 48 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 45 more | 2024-09-19 | 7.5 High |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
CVE-2023-43058 | 2 Ibm, Redhat | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Openshift | 2024-09-19 | 5.3 Medium |
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | ||||
CVE-2023-21252 | 1 Google | 1 Android | 2024-09-19 | 5.5 Medium |
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-6086 | 1 Lunary | 1 Lunary | 2024-09-19 | 4.3 Medium |
In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess() is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify organization attributes without proper authorization. | ||||
CVE-2024-5714 | 1 Lunary | 1 Lunary | 2024-09-19 | 6.8 Medium |
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with escalated privileges, and change members from other organizations to their own or other projects, also with escalated privileges. This vulnerability is due to the backend's failure to validate project identifiers against the current user's organization ID and projects belonging to it, as well as a misconfiguration in attribute naming (`org_id` should be `orgId`) that prevents proper user organization validation. As a result, attackers can cause inconsistencies on the platform for affected users and organizations, including unauthorized privilege escalation. The issue is present in the backend API endpoints for user invitation and modification, specifically in the handling of project IDs in requests. | ||||
CVE-2023-45349 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-09-19 | 7.5 High |
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722. |