CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-38201 Azure Stack Hub Elevation of Privilege Vulnerability | CVSS 7 | Microsoft | - | Patched | |
CVE-2024-38196 Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-38194 An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | CVSS 8.4 | Microsoft | - | Patched | |
CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | Exploit | Patched | |
CVE-2024-38105 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | CVSS 6.5 | Microsoft | - | Patched | |
CVE-2024-38095 Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists when System.Formats.Asn1 in .NET parses an X.509 certificate or collection of certificates: a malicious certificate can result in excessive CPU consumption on all platforms, resulting in denial of service. | CVSS 7.5 | Microsoft | - | Patched | |
CVE-2024-38055 Microsoft Windows Codecs Library Information Disclosure Vulnerability | CVSS 5.5 | Microsoft | - | Patched | |
CVE-2024-38052 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-38047 PowerShell Elevation of Privilege Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-38046 PowerShell Elevation of Privilege Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-38043 PowerShell Elevation of Privilege Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-38033 PowerShell Elevation of Privilege Vulnerability | CVSS 7.3 | Microsoft | - | Patched | |
CVE-2024-38021 Microsoft Office Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-37965 Microsoft SQL Server Elevation of Privilege Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-37794 Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. | CVSS 7.5 | | - | - | |
CVE-2024-37406 In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. | CVSS 7.5 | Brave | - | - | |
CVE-2024-37373 Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | CVSS 7.2 | Ivanti | - | Patched | |
CVE-2024-37365 A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. | CVSS 7.3 | Rockwellautomation | - | - | |
CVE-2024-37346 There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high. | CVSS 4.9 | Sandisk, et al | - | Patched | |
CVE-2024-37061 Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. | CVSS 8.8 | Lfprojects | - | Patched | |
CVE-2024-37027 Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access. | CVSS 6.1 | Intel | - | - | |
CVE-2024-3676 The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator. | CVSS 7.5 | Proofpoint | - | - | |
CVE-2024-36742 An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape. | CVSS 7.5 | Oneflow | - | - | |
CVE-2024-36740 An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size. | CVSS 7.5 | Oneflow | - | - | |
CVE-2024-36737 Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter. | CVSS 7.5 | Oneflow | - | - | |
CVE-2024-36734 Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter. | CVSS 7.5 | Oneflow | - | - | |
CVE-2024-3657 A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service. | CVSS 7.5 | Port389 | - | Patched | |
CVE-2024-36482 Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS 8.2 | Intel | - | - | |
CVE-2024-36471 Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file. | CVSS 7.5 | Apache | - | - | |
CVE-2024-3646 A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS 8 | Github | - | - | |
CVE-2024-36390 MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service | CVSS 7.5 | Milesight | - | - | |
CVE-2024-36284 Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | CVSS 5.5 | | - | - | |
CVE-2024-36282 Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS 8.2 | Intel | - | - | |
CVE-2024-36226
Impact: Security feature bypass
Severity: Critical
Impact: Arbitrary code execution
Severity: Important
Impact: Security feature bypass
Severity: Moderate | CVSS 4.1 | Adobe | - | Patched | |
CVE-2024-36053 In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file. | CVSS 9 | | - | - | |
CVE-2024-3584 qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0. | CVSS Low | Qdrant | - | Patched | |
CVE-2024-35296 Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | CVSS 8.2 | Apache | - | Patched | |
CVE-2024-35227 Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. | CVSS 7.5 | Discourse | - | - | |
CVE-2024-35213 An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process. | CVSS 9 | | - | - | |
CVE-2024-35212 A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries. | CVSS 7.5 | Siemens | - | Patched | |
CVE-2024-35161 Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | CVSS 7.5 | Apache | - | Patched | |
CVE-2024-3493 A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. | CVSS 8.6 | Rockwellautomation | - | Patched | |
CVE-2024-3488 File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication. | CVSS 5.6 | Opentext | - | - | |
CVE-2024-34693 Improper Input Validation vulnerability in Apache Superset allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset: before 3.1.3 and version 4.0.0. Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue. | CVSS 6.8 | Apache | Exploit | Patched | |
CVE-2024-34545 Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. | CVSS 5.7 | Intel | - | Patched | |
CVE-2024-34365 ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | CVSS Low | | - | Patched | |
CVE-2024-34163 Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS 8.2 | Intel | - | Patched | |
CVE-2024-34118 Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | Adobe | - | Patched | |
CVE-2024-34109 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required. | CVSS 7.2 | Adobe | - | Patched | |
CVE-2024-34108 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required. | CVSS 7.2 | Adobe | - | Patched | |
CVE-2024-34098
Impact: Arbitrary code execution
Severity: Critical | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-3408man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server. | CVSS 9.8 | Man | Exploit | Patched | |
CVE-2024-34009Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | CVSS 7.5 | - | - | ||
CVE-2024-3400A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted. | CVSS 10 | Paloaltonetworks | Exploit | Patched | |
CVE-2024-33999The referrer URL used by MFA required additional sanitizing, rather than being used directly. | CVSS 9.8 | - | - | ||
CVE-2024-33996Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | CVSS 6.2 | - | - | ||
CVE-2024-3385A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
This affects the following hardware firewall models:
- PA-5400 Series firewalls
- PA-7000 Series firewalls | CVSS 7.5 | Paloaltonetworks | - | - | |
CVE-2024-33792A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tracert page. | CVSS 9.8 | - | - | ||
CVE-2024-3372Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.
| CVSS 7.5 | Aptis-solutions, et al | - | Patched | |
CVE-2024-33700The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption. | CVSS 7.5 | Exploit | - | ||
CVE-2024-33657This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. | CVSS 7.8 | Ami | - | - | |
CVE-2024-33624Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access. | CVSS 4.3 | Intel | - | - | |
CVE-2024-33611Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access. | CVSS 3.4 | Intel | - | - | |
CVE-2024-33066Memory corruption while redirecting log file to any file location with any file name. | CVSS 9.8 | Qualcomm | - | Patched | |
CVE-2024-33065Memory corruption while taking snapshot when an offset variable is set by camera driver. | CVSS 7.8 | Qualcomm | - | Patched | |
CVE-2024-33031Memory corruption while processing the update SIM PB records request. | CVSS 6.7 | Qualcomm | - | Patched | |
CVE-2024-32992Insufficient verification vulnerability in the baseband module
Impact: Successful exploitation of this vulnerability will affect availability. | CVSS 7.5 | - | - | ||
CVE-2024-32990Permission verification vulnerability in the system sharing pop-up module
Impact: Successful exploitation of this vulnerability will affect availability. | CVSS 6.1 | - | - | ||
CVE-2024-32989Insufficient verification vulnerability in the system sharing pop-up module
Impact: Successful exploitation of this vulnerability will affect availability. | CVSS 3.3 | - | - | ||
CVE-2024-32907In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS 7.8 | - | Patched | ||
CVE-2024-32903In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS 7.8 | - | Patched | ||
CVE-2024-32860Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | CVSS 8.2 | Dell | - | Patched | |
CVE-2024-32859Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | CVSS 8.2 | Dell | - | Patched | |
CVE-2024-32858Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | CVSS 8.2 | Dell | - | Patched | |
CVE-2024-32856Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | CVSS 6 | Dell | - | Patched | |
CVE-2024-32755Under certain circumstances the web interface will accept characters unrelated to the expected input. | CVSS 9.1 | Johnsoncontrols | - | - | |
CVE-2024-32672A Segmentation Fault issue discovered in
Samsung Open Source Escargot JavaScript engine
allows remote attackers to cause a denial of service via crafted input.
This issue affects Escargot: 4.0.0.
| CVSS 5.3 | - | - | ||
CVE-2024-32669
Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers.
However, it occurs in the test code and does not include in the release.
This issue affects escargot: 4.0.0.
| CVSS 5.3 | Samsung | - | - | |
CVE-2024-32653jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. | CVSS 6.1 | Jadx project | - | - | |
CVE-2024-32646Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.
| CVSS 5.3 | - | Patched | ||
CVE-2024-32645 Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available. | CVSS 5.3 | - | Patched | ||
CVE-2024-32498 An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered during image upload or when attaching images to virtual machines. During this process, the affected OpenStack services could be tricked into reading or writing to the host with the equivalent privileges of QEMU. This bypasses isolation restrictions, significantly reducing the security of an affected compute host, and could enable arbitrary code execution, a denial of service, or leaking of secrets. If exploited, the immediate impact is limited to an individual compute host. However, if the attacker has access to multiple hosts and enough time to repeat it, they could potentially spread across all compute hosts. | CVSS 6.5 | Openstack | - | Patched | |
CVE-2024-32485 Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access. | CVSS 3.9 | Intel | - | - | |
CVE-2024-32371 An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | CVSS 7.5 | Exploit | - | ||
CVE-2024-32048 Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | CVSS 6.5 | Intel | - | - | |
CVE-2024-32007 An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. | CVSS 7.5 | Apache | - | Patched | |
CVE-2024-31965 A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information. | CVSS 4.2 | Mitel | - | - | |
CVE-2024-31959 An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution. | CVSS 8.4 | Samsung | - | - | |
CVE-2024-31867 Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | CVSS Low | Apache | - | Patched | |
CVE-2024-31865 Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | CVSS 6.5 | Apache | - | Patched | |
CVE-2024-31862 Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | CVSS 5.3 | Apache | - | Patched | |
CVE-2024-31860 Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. `..`), attackers can see the contents of any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | CVSS 6.5 | Apache | - | Patched | |
CVE-2024-31841 An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. | CVSS 7.5 | Italtel | - | - | |
CVE-2024-3181 Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting. | CVSS 3.1 | Concretecms | - | Patched | |
CVE-2024-3180 Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting. | CVSS 3.1 | Concretecms | - | Patched | |
CVE-2024-3179 Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . | CVSS 3.1 | Concretecms | - | Patched | |
CVE-2024-3178 Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . | CVSS 3.1 | Concretecms | - | Patched | |
CVE-2024-3177 A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. | CVSS 2.7 | Kubernetes | Exploit | Patched | |
CVE-2024-3173 Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | CVSS 8.8 | Exploit | Patched | ||
CVE-2024-3152 mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endpoints. These issues are due to the application's failure to properly validate user input before passing it to `prisma` functions and other critical operations. Affected versions include the latest version prior to 1.0.0. | CVSS 8.8 | Mintplexlabs | Exploit | Patched |