Filtered by CWE-20
Total 11839 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-21810 1 Intel 1 Ethernet Complete Driver Pack 2024-08-16 8.8 High
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34118 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-08-15 5.5 Medium
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-31339 2024-08-15 4.8 Medium
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVE-2024-7507 1 Rockwellautomation 5 Compact Guardlogix 5380 Firmware, Compactlogix 5480 Firmware, Controllogix 5380 Firmware and 2 more 2024-08-15 N/A
CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.
CVE-2024-7515 1 Rockwellautomation 5 Compact Guardlogix 5380 Firmware, Compactlogix 5380 Firmware, Compactlogix 5480 Firmware and 2 more 2024-08-15 N/A
CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.
CVE-2024-41940 1 Siemens 1 Sinec Nms 2024-08-14 9.1 Critical
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
CVE-2023-34424 2024-08-14 4.4 Medium
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-31366 2024-08-14 3.3 Low
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
CVE-2023-1577 1 Lenovo 1 Drivers Management 2024-08-13 7.8 High
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.
CVE-2017-3772 1 Lenovo 1 Pcmanager 2024-08-13 5.5 Medium
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.
CVE-2024-40721 1 Changingtec 2 Servisign, Tcb Servisign 2024-08-09 8.8 High
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.
CVE-2024-40720 2 Changinginformationtechnology, Changingtec 2 Tcbservisign, Tcb Servisign 2024-08-09 8.8 High
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.
CVE-2024-6254 2024-08-08 4.3 Medium
The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public use as another user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. On sites where unfiltered_html is enabled, this can lead to the admin unknowingly adding a Stored Cross-Site Scripting payload.
CVE-2024-23483 1 Zscaler 1 Client Connector 2024-08-07 7 High
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.
CVE-2024-7005 1 Google 1 Chrome 2024-08-07 8.8 High
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
CVE-2024-4353 1 Concretecms 1 Concrete Cms 2024-08-07 N/A
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious JavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator  and a CVSS v4 score of 1.8 with a vector of CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Concrete versions below 9 are not affected by this vulnerability. Thanks fhAnso for reporting.
CVE-2024-21978 1 Amd 64 Epyc 7003 Firmware, Epyc 7203 Firmware, Epyc 7203p Firmware and 61 more 2024-08-06 6 Medium
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
CVE-2024-6915 1 Jfrog 1 Artifactory 2024-08-06 9.3 Critical
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.
CVE-2024-7340 1 Weights \& Biases 1 Weave 2024-08-01 8.8 High
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.
CVE-2024-25131 2024-06-03 8.8 High
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment.