Filtered by NVD-CWE-noinfo
Total 28515 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20656 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2024-08-01 7.8 High
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-20673 1 Microsoft 8 Excel, Office, Office Long Term Servicing Channel and 5 more 2024-08-01 7.8 High
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20672 1 Microsoft 1 .net 2024-08-01 7.5 High
.NET Denial of Service Vulnerability
CVE-2024-20696 1 Microsoft 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more 2024-08-01 7.3 High
Windows libarchive Remote Code Execution Vulnerability
CVE-2024-20690 1 Microsoft 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more 2024-08-01 6.5 Medium
Windows Nearby Sharing Spoofing Vulnerability
CVE-2024-20681 1 Microsoft 13 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 10 more 2024-08-01 7.8 High
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2024-20684 1 Microsoft 9 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 6 more 2024-08-01 6.5 Medium
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-20667 1 Microsoft 1 Azure Devops Server 2024-08-01 7.5 High
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2024-20654 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2024-08-01 8 High
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-20655 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2024-08-01 6.6 Medium
Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability
CVE-2024-20687 1 Microsoft 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more 2024-08-01 7.5 High
Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-20277 1 Cisco 1 Thousandeyes Enterprise Agent 2024-08-01 6.8 Medium
A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root.
CVE-2024-20272 1 Cisco 1 Unity Connection 2024-08-01 7.3 High
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.
CVE-2024-20263 1 Cisco 170 Cbs250-16p-2g, Cbs250-16p-2g Firmware, Cbs250-16t-2g and 167 more 2024-08-01 5.8 Medium
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices.
CVE-2024-20015 2 Google, Mediatek 40 Android, Mt6739, Mt6753 and 37 more 2024-08-01 7.8 High
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.
CVE-2024-20253 1 Cisco 5 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unified Contact Center Express and 2 more 2024-08-01 9.9 Critical
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
CVE-2024-6741 1 Openfind 1 Mail2000 2024-08-01 5.8 Medium
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
CVE-2024-6624 1 Parorrey 1 Json Api User 2024-08-01 9.8 Critical
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.
CVE-2024-6540 1 Otrs 1 Otrs 2024-08-01 5.7 Medium
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
CVE-2024-6554 1 Wpmudev 1 Branda 2024-08-01 5.3 Medium
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due to the plugin utilizing composer without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.