Total
11827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38243 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-09 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38234 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-10-09 | 6.5 Medium |
| Windows Networking Denial of Service Vulnerability | ||||
| CVE-2024-38046 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-09 | 7.8 High |
| PowerShell Elevation of Privilege Vulnerability | ||||
| CVE-2024-37965 | 1 Microsoft | 1 Sql Server | 2024-10-09 | 8.8 High |
| Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
| CVE-2024-38241 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-09 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38230 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-10-09 | 6.5 Medium |
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | ||||
| CVE-2024-38216 | 1 Microsoft | 1 Azure Stack Hub | 2024-10-09 | 8.2 High |
| Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2017-3283 | 1 Oracle | 1 Partner Management | 2024-10-08 | N/A |
| Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts). | ||||
| CVE-2017-3316 | 1 Oracle | 1 Vm Virtualbox | 2024-10-08 | N/A |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). | ||||
| CVE-2017-3321 | 1 Oracle | 1 Mysql Cluster | 2024-10-08 | N/A |
| Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts). | ||||
| CVE-2017-3323 | 1 Oracle | 1 Mysql Cluster | 2024-10-08 | N/A |
| Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts). | ||||
| CVE-2023-20564 | 2 Amd, Microsoft | 5 Ryzen, Ryzen Master, Ryzen Master Monitoring Sdk and 2 more | 2024-10-08 | 6.7 Medium |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. | ||||
| CVE-2023-20560 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2024-10-08 | 4.4 Medium |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. | ||||
| CVE-2023-38690 | 2 Matrix, Matrix-org | 2 Matrix Irc Bridge, Matrix-appservice-irc | 2024-10-08 | 5.8 Medium |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. | ||||
| CVE-2023-39530 | 1 Prestashop | 1 Prestashop | 2024-10-08 | 6.5 Medium |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2023-2914 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-10-08 | 7.5 High |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. | ||||
| CVE-2023-2915 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-10-08 | 7.5 High |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. | ||||
| CVE-2023-2917 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-10-08 | 9.8 Critical |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities. | ||||
| CVE-2024-21312 | 1 Microsoft | 14 .net, .net Framework, Windows 10 1607 and 11 more | 2024-10-08 | 7.5 High |
| .NET Framework Denial of Service Vulnerability | ||||
| CVE-2024-38105 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-08 | 6.5 Medium |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | ||||