Total
10395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26126 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-25656 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product. | |||||
| CVE-2024-25590 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. | |||||
| CVE-2024-25290 | 2024-11-21 | N/A | 8.0 HIGH | ||
| An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function. | |||||
| CVE-2024-24941 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 6.1 MEDIUM |
| In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL | |||||
| CVE-2024-24696 | 1 Zoom | 3 Meeting Software Development Kit, Vdi Windows Meeting Clients, Zoom | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||||
| CVE-2024-24695 | 1 Zoom | 3 Meeting Software Development Kit, Vdi Windows Meeting Clients, Zoom | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||||
| CVE-2024-23669 | 1 Fortinet | 1 Fortiwebmanager | 2024-11-21 | N/A | 6.5 MEDIUM |
| An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | |||||
| CVE-2024-23600 | 2024-11-21 | N/A | 2.7 LOW | ||
| Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. | |||||
| CVE-2024-23487 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-23469 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 9.6 CRITICAL |
| SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | |||||
| CVE-2024-22476 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. | |||||
| CVE-2024-22390 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service. | |||||
| CVE-2024-22382 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-22271 | 2024-11-21 | N/A | 8.2 HIGH | ||
| In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8 References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published. | |||||
| CVE-2024-22199 | 1 Gofiber | 1 Django | 2024-11-21 | N/A | 9.3 CRITICAL |
| This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. | |||||
| CVE-2024-22120 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection. | |||||
| CVE-2024-22095 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-22015 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access. | |||||
| CVE-2024-21625 | 1 Sidequestvr | 1 Sidequest | 2024-11-21 | N/A | 8.8 HIGH |
| SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly. | |||||