Total
344998 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43585 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 5.5 MEDIUM |
| Code Integrity Guard Security Feature Bypass Vulnerability | |||||
| CVE-2024-43584 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-16 | N/A | 8.4 HIGH |
| Windows Scripting Engine Security Feature Bypass Vulnerability | |||||
| CVE-2024-43582 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 8.1 HIGH |
| Remote Desktop Protocol Server Remote Code Execution Vulnerability | |||||
| CVE-2024-43481 | 1 Microsoft | 1 Power Bi Report Server | 2024-10-16 | N/A | 8.8 HIGH |
| Power BI Report Server Spoofing Vulnerability | |||||
| CVE-2024-23370 | 1 Qualcomm | 22 Qca6584au, Qca6584au Firmware, Qca6698aq and 19 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. | |||||
| CVE-2024-23374 | 1 Qualcomm | 52 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 49 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. | |||||
| CVE-2024-23375 | 1 Qualcomm | 28 Sa4150p, Sa4150p Firmware, Sa4155p and 25 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption during the network scan request. | |||||
| CVE-2024-43780 | 1 Mattermost | 1 Mattermost Server | 2024-10-16 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. | |||||
| CVE-2024-23376 | 1 Qualcomm | 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. | |||||
| CVE-2024-42497 | 1 Mattermost | 1 Mattermost Server | 2024-10-16 | N/A | 4.9 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams. | |||||
| CVE-2024-8231 | 1 Tenda | 2 O6, O6 Firmware | 2024-10-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-23378 | 1 Qualcomm | 36 Qam8255p, Qam8255p Firmware, Qam8650p and 33 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. | |||||
| CVE-2024-23379 | 1 Qualcomm | 68 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 65 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. | |||||
| CVE-2024-45290 | 1 Phpoffice | 1 Phpspreadsheet | 2024-10-16 | N/A | 7.5 HIGH |
| PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-33064 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | N/A | 8.2 HIGH |
| Information disclosure while parsing the multiple MBSSID IEs from the beacon. | |||||
| CVE-2024-33066 | 1 Qualcomm | 142 Csr8811, Csr8811 Firmware, Immersive Home 214 Platform and 139 more | 2024-10-16 | N/A | 9.8 CRITICAL |
| Memory corruption while redirecting log file to any file location with any file name. | |||||
| CVE-2024-33069 | 1 Qualcomm | 88 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 85 more | 2024-10-16 | N/A | 7.5 HIGH |
| Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | |||||
| CVE-2024-33070 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | N/A | 7.5 HIGH |
| Transient DOS while parsing ESP IE from beacon/probe response frame. | |||||
| CVE-2024-33071 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | N/A | 7.5 HIGH |
| Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. | |||||
| CVE-2024-43687 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-10-16 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | |||||