Total: 11731 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-7207 | 1 Redhat | 1 Service Mesh | 2024-09-19 | 8.2 High |
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487. | ||||
CVE-2024-38189 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2024-09-19 | 8.8 High |
Microsoft Project Remote Code Execution Vulnerability | ||||
CVE-2024-38201 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-19 | 7 High |
Azure Stack Hub Elevation of Privilege Vulnerability | ||||
CVE-2024-38196 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-19 | 7.8 High |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-09-19 | 8.4 High |
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | ||||
CVE-2024-43455 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-09-19 | 8.8 High |
Windows Remote Desktop Licensing Service Spoofing Vulnerability | ||||
CVE-2024-38245 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-19 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38244 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38243 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38234 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-19 | 6.5 Medium |
Windows Networking Denial of Service Vulnerability | ||||
CVE-2024-38046 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 7.8 High |
PowerShell Elevation of Privilege Vulnerability | ||||
CVE-2024-37965 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
CVE-2024-38241 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38230 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-09-19 | 6.5 Medium |
Windows Standards-Based Storage Management Service Denial of Service Vulnerability | ||||
CVE-2024-38216 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-19 | 8.2 High |
Azure Stack Hub Elevation of Privilege Vulnerability | ||||
CVE-2023-42508 | 1 Jfrog | 1 Artifactory | 2024-09-19 | 6.5 Medium |
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with a manipulated email body. | ||||
CVE-2023-30690 | 1 Samsung | 1 Android | 2024-09-19 | 8.5 High |
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | ||||
CVE-2023-36619 | 1 Unify | 1 Session Border Controller | 2024-09-19 | 9.8 Critical |
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. | ||||
CVE-2023-42448 | 1 Iohk | 1 Hydra | 2024-09-19 | 8.1 High |
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be performed in the `checkClose` function of the head validator. This would allow a malicious participant to modify the contestation deadline of the head to either allow them to fanout the head without giving another participant the chance to contest, or prevent any participant from ever redistributing the funds locked in the head via a fan-out. Version 0.13.0 contains a patch for this issue. | ||||
CVE-2023-38701 | 1 Iohk | 1 Hydra | 2024-09-19 | 9.1 Critical |
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user who committed the funds and that this can only be performed by a participant of the head. The `initial` validator is similarly affected, as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that users try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue. |