Total: 31907 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7889 | 1 Citrix | 1 Workspace | 2024-10-22 | N/A | 7.3 HIGH |
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | |||||
CVE-2024-38124 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-22 | N/A | 9.0 CRITICAL |
Windows Netlogon Elevation of Privilege Vulnerability | |||||
CVE-2024-38129 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-10-22 | N/A | 6.6 MEDIUM |
Windows Kerberos Elevation of Privilege Vulnerability | |||||
CVE-2024-38149 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-22 | N/A | 7.5 HIGH |
BranchCache Denial of Service Vulnerability | |||||
CVE-2024-38262 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-22 | N/A | 7.5 HIGH |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
CVE-2024-38179 | 1 Microsoft | 1 Azure Stack Hci | 2024-10-22 | N/A | 8.8 HIGH |
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | |||||
CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-21 | N/A | 7.4 HIGH |
Windows Remote Desktop Services Tampering Vulnerability | |||||
CVE-2024-43504 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-10-21 | N/A | 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability | |||||
CVE-2024-43488 | 1 Microsoft | 1 Visual Studio Code | 2024-10-21 | N/A | 9.8 CRITICAL |
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | |||||
CVE-2024-43615 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-21 | N/A | 7.1 HIGH |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | |||||
CVE-2024-43614 | 1 Microsoft | 1 Defender For Endpoint | 2024-10-21 | N/A | 5.5 MEDIUM |
Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | |||||
CVE-2024-43612 | 1 Microsoft | 1 Power Bi Report Server | 2024-10-21 | N/A | 4.7 MEDIUM |
Power BI Report Server Spoofing Vulnerability | |||||
CVE-2024-43616 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-10-21 | N/A | 7.8 HIGH |
Microsoft Office Remote Code Execution Vulnerability | |||||
CVE-2024-21261 | 1 Oracle | 1 Application Express | 2024-10-21 | N/A | 4.9 MEDIUM |
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). | |||||
CVE-2024-43485 | 3 Apple, Linux, Microsoft | 5 Macos, Linux Kernel, .net and 2 more | 2024-10-21 | N/A | 7.5 HIGH |
.NET and Visual Studio Denial of Service Vulnerability | |||||
CVE-2024-43483 | 3 Apple, Linux, Microsoft | 21 Macos, Linux Kernel, .net and 18 more | 2024-10-21 | N/A | 7.5 HIGH |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | |||||
CVE-2024-21262 | 1 Oracle | 1 Mysql | 2024-10-21 | N/A | 6.5 MEDIUM |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). | |||||
CVE-2024-21242 | 1 Oracle | 1 Xml Database | 2024-10-21 | N/A | 3.5 LOW |
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). | |||||
CVE-2024-21286 | 1 Oracle | 1 Peoplesoft Enterprise | 2024-10-21 | N/A | 5.4 MEDIUM |
Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2024-4211 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 2.4 LOW |
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||||