Total
11827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34086 | 1 Intel | 143 Bios, Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware and 140 more | 2024-10-09 | 8.2 High |
| Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22449 | 1 Intel | 311 Bios, Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware and 308 more | 2024-10-09 | 7.5 High |
| Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-21272 | 1 Google | 1 Android | 2024-10-09 | 7.8 High |
| In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-4941 | 1 Gradio Project | 1 Gradio | 2024-10-09 | 7.5 High |
| A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a `path` key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the `/file=..` endpoint. This issue is due to the `processing_utils.move_files_to_cache()` function traversing any object passed to it, looking for a dictionary with a `path` key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk. | ||||
| CVE-2023-39404 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-09 | 7.5 High |
| Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. | ||||
| CVE-2023-49958 | 1 Dallmann-consulting | 1 Open Charge Point Protocol | 2024-10-09 | 7.5 High |
| An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. | ||||
| CVE-2023-21284 | 1 Google | 1 Android | 2024-10-09 | 5.5 Medium |
| In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-21413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-10-09 | 9.8 Critical |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-21374 | 1 Microsoft | 1 Teams | 2024-10-09 | 5 Medium |
| Microsoft Teams for Android Information Disclosure Vulnerability | ||||
| CVE-2024-21304 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2024-10-09 | 4.1 Medium |
| Trusted Compute Base Elevation of Privilege Vulnerability | ||||
| CVE-2024-20684 | 1 Microsoft | 9 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 6 more | 2024-10-09 | 6.5 Medium |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2024-20670 | 1 Microsoft | 1 Outlook For Windows | 2024-10-09 | 8.1 High |
| Outlook for Windows Spoofing Vulnerability | ||||
| CVE-2024-28897 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-09 | 6.8 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-26240 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-10-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-26189 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-26253 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-10-09 | 6.8 Medium |
| Windows rndismp6.sys Remote Code Execution Vulnerability | ||||
| CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-10-09 | 8.4 High |
| An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | ||||
| CVE-2024-43455 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-10-09 | 8.8 High |
| Windows Remote Desktop Licensing Service Spoofing Vulnerability | ||||
| CVE-2024-38245 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-10-09 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38244 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-09 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||