Total
11722 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38095 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2024-09-19 | 7.5 High |
.NET and Visual Studio Denial of Service Vulnerability | ||||
CVE-2024-38052 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-09-19 | 7.8 High |
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38047 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-09-19 | 7.8 High |
PowerShell Elevation of Privilege Vulnerability | ||||
CVE-2024-38033 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 7.3 High |
PowerShell Elevation of Privilege Vulnerability | ||||
CVE-2024-38021 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-09-19 | 8.8 High |
Microsoft Outlook Remote Code Execution Vulnerability | ||||
CVE-2024-38055 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-09-19 | 5.5 Medium |
Microsoft Windows Codecs Library Information Disclosure Vulnerability | ||||
CVE-2024-38043 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-09-19 | 7.8 High |
PowerShell Elevation of Privilege Vulnerability | ||||
CVE-2024-32859 | 1 Dell | 48 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 45 more | 2024-09-19 | 7.5 High |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
CVE-2024-7254 | 1 Google | 6 Google-protobuf, Protobuf, Protobuf-java and 3 more | 2024-09-19 | 7.5 High |
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | ||||
CVE-2024-46946 | 1 Langchain | 1 Langchain Experimental | 2024-09-19 | 9.8 Critical |
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05). | ||||
CVE-2024-37406 | 1 Brave | 1 Android Browser | 2024-09-19 | 7.5 High |
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. | ||||
CVE-2024-6077 | 1 Rockwellautomation | 18 1756-en4, 1756-en4 Firmware, Compact Guardlogix 5380 Sil2 Firmware and 15 more | 2024-09-19 | 7.5 High |
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover. | ||||
CVE-2024-45537 | 2024-09-19 | N/A | ||
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list. Users without the permission to configure JDBC connections are not able to exploit this vulnerability. CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2. This issue is fixed in Apache Druid 30.0.1. | ||||
CVE-2023-44185 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-09-19 | 7.5 High |
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO. | ||||
CVE-2024-7490 | 1 Microchip | 1 Advanced Software Framework | 2024-09-19 | 9.8 Critical |
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework. | ||||
CVE-2024-6258 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 6.8 Medium |
BT: Missing length checks of net_buf in rfcomm_handle_data | ||||
CVE-2024-5931 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 6.3 Medium |
BT: Unchecked user input in bap_broadcast_assistant | ||||
CVE-2024-6259 | 1 Zephyrproject | 1 Zephyr | 2024-09-19 | 7.6 High |
BT: HCI: adv_ext_report Improper discarding in adv_ext_report | ||||
CVE-2024-6137 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 7.6 High |
BT: Classic: SDP OOB access in get_att_search_list | ||||
CVE-2024-21871 | 1 Intel | 153 Celeron G3900 Firmware, Celeron G3900te Firmware, Core I3-6100 Firmware and 150 more | 2024-09-18 | 7.5 High |
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |