Total
344631 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8948 | 1 Micropython | 1 Micropython | 2024-09-23 | 7.5 HIGH | 7.5 HIGH |
| A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes. | |||||
| CVE-2024-8949 | 1 Oretnom23 | 1 Online Eyewear Shop | 2024-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8653 | 1 Netcat | 1 Netcat Content Management System | 2024-09-23 | N/A | 6.1 MEDIUM |
| A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch. | |||||
| CVE-2024-8652 | 1 Netcat | 1 Netcat Content Management System | 2024-09-23 | N/A | 6.1 MEDIUM |
| A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch. | |||||
| CVE-2024-8651 | 1 Netcat | 1 Netcat Content Management System | 2024-09-23 | N/A | 5.3 MEDIUM |
| A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch. | |||||
| CVE-2024-37339 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | |||||
| CVE-2024-38221 | 1 Microsoft | 1 Edge Chromium | 2024-09-23 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-43489 | 1 Microsoft | 1 Edge Chromium | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43496 | 1 Microsoft | 1 Edge Chromium | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-9004 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-09-23 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-37340 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | |||||
| CVE-2024-37338 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | |||||
| CVE-2024-37337 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 4.3 MEDIUM |
| Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | |||||
| CVE-2024-37335 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | |||||
| CVE-2024-26191 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | |||||
| CVE-2024-26186 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 8.8 HIGH |
| Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | |||||
| CVE-2024-37341 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 9.8 CRITICAL |
| Microsoft SQL Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-46779 | 1 Linux | 1 Linux Kernel | 2024-09-23 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Free pvr_vm_gpuva after unlink This caused a measurable memory leak. Although the individual allocations are small, the leaks occurs in a high-usage codepath (remapping or unmapping device memory) so they add up quickly. | |||||
| CVE-2024-37342 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-23 | N/A | 4.3 MEDIUM |
| Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | |||||
| CVE-2024-46760 | 1 Linux | 1 Linux Kernel | 2024-09-23 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replies before rtw_dev is fully setup. The stack trace looks like this: rtw_rx_fill_rx_status rtw8821c_query_rx_desc rtw_usb_rx_handler ... queue_work rtw_usb_read_port_complete ... usb_submit_urb rtw_usb_rx_resubmit rtw_usb_init_rx rtw_usb_probe So while we do the async stuff rtw_usb_probe continues and calls rtw_register_hw, which does all kinds of initialization (e.g. via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on. Fix this by moving the first usb_submit_urb after everything is set up. For me, this bug manifested as: [ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped [ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status because I'm using Larry's backport of rtw88 driver with the NULL checks in rtw_rx_fill_rx_status. | |||||