Total
311874 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8164 | 1 Beikeshop | 1 Beikeshop | 2024-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function rename of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the argument new_name leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8163 | 1 Beikeshop | 1 Beikeshop | 2024-09-06 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8439 | 2024-09-06 | N/A | N/A | ||
| Rejected reason: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the issue does not pose a security risk as it falls within the expected functionality and security controls of the application. | |||||
| CVE-2024-7570 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | N/A | 8.1 HIGH |
| Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | |||||
| CVE-2024-7569 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | N/A | 9.8 CRITICAL |
| An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | |||||
| CVE-2024-37898 | 1 Xwiki | 1 Xwiki | 2024-09-06 | N/A | 4.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as rights of the previous version are transferred to the new page and thus the user still doesn't have view right on the page. It therefore doesn't seem to be possible to exploit this to gain any rights. This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document shall be saved despite the document's existing already. | |||||
| CVE-2024-37901 | 1 Xwiki | 1 Xwiki | 2024-09-06 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. | |||||
| CVE-2024-41947 | 1 Xwiki | 1 Xwiki | 2024-09-06 | N/A | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1. | |||||
| CVE-2024-23499 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 7.5 HIGH |
| Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2024-23907 | 1 Intel | 3 High Level Synthesis Compiler, Oneapi Dpc\+\+\/c\+\+ Compiler, Quartus Prime | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-23909 | 1 Intel | 1 Field Programmable Gate Array Software Development Kit For Opencl | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-23981 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
| Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-24986 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
| Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-25576 | 1 Intel | 1 Agilex 7 Fpga Firmware | 2024-09-06 | N/A | 7.9 HIGH |
| improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-26022 | 1 Intel | 1 Aptio V Uefi Firmware Integrator Tools | 2024-09-06 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-26025 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2024-09-06 | N/A | 7.8 HIGH |
| Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-26027 | 1 Intel | 1 Simics Package Manager | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-27461 | 1 Intel | 1 Memory And Storage Tool Gui | 2024-09-06 | N/A | 5.5 MEDIUM |
| Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-28046 | 1 Intel | 1 Graphics Performance Analyzers | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2024-09-06 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | |||||