Vulnerabilities (CVE)

Filtered by CWE-20
Total 11571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21319 1 Microsoft 3 .net, Identity Model, Visual Studio 2022 2026-06-17 N/A 6.8 MEDIUM
Microsoft Identity Denial of service vulnerability
CVE-2024-21316 1 Microsoft 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more 2026-06-17 N/A 6.1 MEDIUM
Windows Server Key Distribution Service Security Feature Bypass
CVE-2024-21315 1 Microsoft 14 Defender For Endpoint, Windows 10 1507, Windows 10 1607 and 11 more 2026-06-17 N/A 7.8 HIGH
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
CVE-2024-21312 1 Microsoft 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 7.5 HIGH
.NET Framework Denial of Service Vulnerability
CVE-2024-21304 1 Microsoft 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more 2026-06-17 N/A 4.1 MEDIUM
Trusted Compute Base Elevation of Privilege Vulnerability
CVE-2024-20758 1 Adobe 2 Commerce, Magento 2026-06-17 N/A 9.0 CRITICAL
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.
CVE-2024-20733 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2026-06-17 N/A 5.5 MEDIUM
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20684 1 Microsoft 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more 2026-06-17 N/A 6.5 MEDIUM
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-20670 1 Microsoft 2 Outlook, Windows 2026-06-17 N/A 8.1 HIGH
Outlook for Windows Spoofing Vulnerability
CVE-2024-20666 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2026-06-17 N/A 6.6 MEDIUM
BitLocker Security Feature Bypass Vulnerability
CVE-2024-20659 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2026-06-17 N/A 7.1 HIGH
Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2024-20495 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense 2026-06-17 N/A 8.6 HIGH
A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVE-2024-20484 1 Cisco 1 Enterprise Chat And Email 2026-06-17 N/A 7.5 HIGH
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.
CVE-2024-20464 1 Cisco 1 Ios Xe 2026-06-17 N/A 8.6 HIGH
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet.
CVE-2024-20406 1 Cisco 1 Ios Xr 2026-06-17 N/A 7.4 HIGH
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type.
CVE-2024-20405 1 Cisco 1 Finesse 2026-06-17 N/A 4.8 MEDIUM
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.
CVE-2024-20394 1 Cisco 1 Appdynamics 2026-06-17 N/A 5.5 MEDIUM
A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.
CVE-2024-20334 1 Cisco 1 Telepresence Management Suite 2026-06-17 N/A 5.5 MEDIUM
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2024-20327 1 Cisco 13 Asr 9000v-v2, Asr 9001, Asr 9006 and 10 more 2026-06-17 N/A 7.4 HIGH
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.
CVE-2024-20274 1 Cisco 1 Secure Firewall Management Center 2026-06-17 N/A 5.5 MEDIUM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities.