Total: 12031 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37373 | 1 Ivanti | 1 Avalanche | 2024-08-16 | 7.2 High |
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | ||||
CVE-2024-21810 | 1 Intel | 1 Ethernet Complete Driver Pack | 2024-08-16 | 8.8 High |
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-34118 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | 5.5 Medium |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-7507 | 1 Rockwellautomation | 5 Compact Guardlogix 5380 Firmware, Compactlogix 5480 Firmware, Controllogix 5380 Firmware and 2 more | 2024-08-15 | N/A |
CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller. | ||||
CVE-2024-7515 | 1 Rockwellautomation | 5 Compact Guardlogix 5380 Firmware, Compactlogix 5380 Firmware, Compactlogix 5480 Firmware and 2 more | 2024-08-15 | N/A |
CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. | ||||
CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 9.1 Critical |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | ||||
CVE-2023-34424 | | | 2024-08-14 | 4.4 Medium |
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | ||||
CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | 7.8 High |
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | ||||
CVE-2017-3772 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 5.5 Medium |
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot. | ||||
CVE-2024-40721 | 1 Changingtec | 2 Servisign, Tcb Servisign | 2024-08-09 | 8.8 High |
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path. | ||||
CVE-2024-40720 | 2 Changinginformationtechnology, Changingtec | 2 Tcbservisign, Tcb Servisign | 2024-08-09 | 8.8 High |
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands. | ||||
CVE-2024-6254 | | | 2024-08-08 | 4.3 Medium |
The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public use as another user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. On sites where unfiltered_html is enabled, this can lead to the admin unknowingly adding a Stored Cross-Site Scripting payload. | ||||
CVE-2024-23483 | 1 Zscaler | 1 Client Connector | 2024-08-07 | 7 High |
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. | ||||
CVE-2024-7005 | 1 Google | 1 Chrome | 2024-08-07 | 8.8 High |
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | ||||
CVE-2024-6915 | 1 Jfrog | 1 Artifactory | 2024-08-06 | 9.3 Critical |
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. | ||||
CVE-2024-26821 | | | 2024-05-16 | 4.1 Medium |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-26827 | | | 2024-04-18 | 4.4 Medium |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-26628 | | | 2024-03-20 | 6.0 Medium |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2021-46946 | | | 2024-03-08 | 0.0 Low |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2021-3487 | 1 Redhat | 1 Enterprise Linux | 2023-11-20 | 0.0 Low |
Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt |