Total
3422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13110 | 2025-01-02 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-36404 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2025-01-01 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2023-38167 | 1 Microsoft | 1 Dynamics 365 Business Central | 2025-01-01 | N/A | 7.2 HIGH |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | |||||
| CVE-2024-21418 | 1 Linuxfoundation | 1 Software For Open Networking In The Cloud | 2024-12-27 | N/A | 7.8 HIGH |
| Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | |||||
| CVE-2024-21436 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-12984 | 2024-12-27 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0104 | 1 Nvidia | 8 Mga100-hs2, Mlnx-gw, Mlnx-os and 5 more | 2024-12-26 | N/A | 4.2 MEDIUM |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | |||||
| CVE-2024-12896 | 2024-12-24 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user". | |||||
| CVE-2024-56330 | 2024-12-20 | N/A | N/A | ||
| Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The problem has been patched in any Stardust build past 12/20/24. Users are advised to upgrade. Users may also manually disable ICC if they are unable to upgrade. | |||||
| CVE-2024-9503 | 2024-12-20 | N/A | 4.3 MEDIUM | ||
| The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify certain plugin settings. | |||||
| CVE-2024-24568 | 2 Fedoraproject, Oisf | 2 Fedora, Suricata | 2024-12-19 | N/A | 5.3 MEDIUM |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3. | |||||
| CVE-2024-11483 | 2024-12-18 | N/A | 5.0 MEDIUM | ||
| A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services. | |||||
| CVE-2024-31320 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34725 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.0 HIGH |
| In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0025 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-1632 | 1 Progress | 1 Sitefinity | 2024-12-16 | N/A | 8.8 HIGH |
| Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. | |||||
| CVE-2024-0036 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.8 HIGH |
| In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-1942 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 4.3 MEDIUM |
| Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of. | |||||
| CVE-2024-21848 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 3.1 LOW |
| Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel | |||||
| CVE-2024-29221 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 4.7 MEDIUM |
| Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins. | |||||