Total
312138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38248 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 5 more | 2024-09-17 | N/A | 7.0 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||
| CVE-2024-38249 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-09-17 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2024-38250 | 1 Microsoft | 16 Office, Office Long Term Servicing Channel, Windows 10 1507 and 13 more | 2024-09-17 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2024-43457 | 1 Microsoft | 1 Windows 11 24h2 | 2024-09-17 | N/A | 7.8 HIGH |
| Windows Setup and Deployment Elevation of Privilege Vulnerability | |||||
| CVE-2024-43458 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-17 | N/A | 7.7 HIGH |
| Windows Networking Information Disclosure Vulnerability | |||||
| CVE-2024-43463 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-09-17 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2024-43467 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-17 | N/A | 7.5 HIGH |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-43469 | 1 Microsoft | 1 Azure Cyclecloud | 2024-09-17 | N/A | 8.8 HIGH |
| Azure CycleCloud Remote Code Execution Vulnerability | |||||
| CVE-2024-6921 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024. | |||||
| CVE-2024-6920 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS.This issue affects NACPremium: through 01082024. | |||||
| CVE-2024-6919 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024. | |||||
| CVE-2024-38878 | 1 Siemens | 1 Omnivise T3000 Application Server | 2024-09-17 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. | |||||
| CVE-2024-39626 | 1 5starplugins | 1 Pretty Simple Popup Builder | 2024-09-17 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7. | |||||
| CVE-2024-38876 | 1 Siemens | 6 Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Product Data Management and 3 more | 2024-09-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. | |||||
| CVE-2024-46451 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | |||||
| CVE-2024-46424 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-17 | N/A | 7.5 HIGH |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. | |||||
| CVE-2024-46419 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | |||||
| CVE-2024-1621 | 1 Nt-ware | 3 Uniflow Online, Uniflow Online Print \& Scan, Uniflow Smartclient | 2024-09-17 | N/A | 7.5 HIGH |
| The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user. | |||||
| CVE-2024-38811 | 1 Vmware | 1 Fusion | 2024-09-17 | N/A | 7.8 HIGH |
| VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. | |||||
| CVE-2024-7029 | 1 Avtech | 2 Avm1203, Avm1203 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
| Commands can be injected over the network and executed without authentication. | |||||