Total: 28641 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45039 | 1 Consensys | 2 Gnark, Gnark-crypto | 2024-09-20 | 6.2 Medium |
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost to the verifier and it has not been supported in the recursive in-circuit Groth16 verifier and Solidity verifier. gnark's maintainers expect the impact of the issue to be very small - only for the users who have implemented the native Groth16 verifier or are using it with multiple commitments. We do not have information of such users. The issue has been patched in version 0.11.0. As a workaround, users should follow gnark maintainers' recommendation to use only a single commitment and then derive in-circuit commitments as needed using the `std/multicommit` package. | ||||
CVE-2022-4100 | 2 Gioni, Wpcerber | 2 Wp Cerber Security, Cerber Security Antispam & Malware Scan | 2024-09-20 | 5.3 Medium |
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked. | ||||
CVE-2024-38210 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | 7.8 High |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
CVE-2024-38209 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | 7.8 High |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
CVE-2024-3679 | 2 Calinvingan, Squirrly | 2 Premium Seo Pack Wp Seo Plugin, Wp Seo Plugin | 2024-09-19 | 5.3 Medium |
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data. | ||||
CVE-2024-43472 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | 5.8 Medium |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
CVE-2024-37968 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-09-19 | 7.5 High |
Windows DNS Spoofing Vulnerability | ||||
CVE-2024-38223 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-09-19 | 6.8 Medium |
Windows Initial Machine Configuration Elevation of Privilege Vulnerability | ||||
CVE-2024-38215 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2024-09-19 | 7.8 High |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38214 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-09-19 | 6.5 Medium |
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | ||||
CVE-2024-38120 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-09-19 | 8.8 High |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
CVE-2024-38200 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-09-19 | 6.5 Medium |
Microsoft Office Spoofing Vulnerability | ||||
CVE-2024-38195 | 1 Microsoft | 1 Azure Cyclecloud | 2024-09-19 | 7.8 High |
Azure CycleCloud Remote Code Execution Vulnerability | ||||
CVE-2024-38189 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2024-09-19 | 8.8 High |
Microsoft Project Remote Code Execution Vulnerability | ||||
CVE-2024-38187 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-09-19 | 7.8 High |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38186 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-09-19 | 7.8 High |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38185 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-09-19 | 7.8 High |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38180 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-19 | 8.8 High |
Windows SmartScreen Security Feature Bypass Vulnerability | ||||
CVE-2024-38177 | 1 Microsoft | 1 App Installer | 2024-09-19 | 7.8 High |
Windows App Installer Spoofing Vulnerability | ||||
CVE-2024-38173 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-09-19 | 6.7 Medium |
Microsoft Outlook Remote Code Execution Vulnerability |