Total
11731 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20721 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-08-01 | 5.5 Medium |
| Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20709 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-08-01 | 5.5 Medium |
| Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20670 | 1 Microsoft | 1 Outlook For Windows | 2024-08-01 | 8.1 High |
| Outlook for Windows Spoofing Vulnerability | ||||
| CVE-2024-20405 | 1 Cisco | 1 Finesse | 2024-08-01 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device. | ||||
| CVE-2024-20684 | 1 Microsoft | 9 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 6 more | 2024-08-01 | 6.5 Medium |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2024-20334 | 2024-08-01 | 5.5 Medium | ||
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2024-20318 | 2024-08-01 | 7.4 High | ||
| A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition. | ||||
| CVE-2024-20271 | 2024-08-01 | 8.6 High | ||
| A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets. | ||||
| CVE-2024-20034 | 2024-08-01 | 7.2 High | ||
| In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849. | ||||
| CVE-2024-20004 | 1 Mediatek | 21 Mt2735, Mt6297, Mt6833 and 18 more | 2024-08-01 | 7.5 High |
| In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). | ||||
| CVE-2024-20056 | 2024-08-01 | N/A | ||
| In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. | ||||
| CVE-2024-20064 | 2024-08-01 | N/A | ||
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. | ||||
| CVE-2024-20003 | 1 Mediatek | 21 Mt2735, Mt6297, Mt6833 and 18 more | 2024-08-01 | 7.5 High |
| In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). | ||||
| CVE-2024-7014 | 2024-08-01 | N/A | ||
| EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. | ||||
| CVE-2024-6376 | 1 Mongodb | 1 Compass | 2024-08-01 | 7 High |
| MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2 | ||||
| CVE-2024-6298 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-08-01 | 9.8 Critical |
| Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01. | ||||
| CVE-2024-5969 | 2024-08-01 | 5.8 Medium | ||
| The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | ||||
| CVE-2024-5899 | 2024-08-01 | N/A | ||
| When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one. We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins. | ||||
| CVE-2024-5692 | 2024-08-01 | 6.5 Medium | ||
| On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2024-5681 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-08-01 | 7.8 High |
| CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||||