Total
1465 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-49044 | 1 Microsoft | 1 Visual Studio 2022 | 2024-11-16 | N/A | 6.7 MEDIUM |
Visual Studio Elevation of Privilege Vulnerability | |||||
CVE-2024-32044 | | | 2024-11-15 | N/A | N/A |
Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2024-27200 | | | 2024-11-15 | N/A | N/A |
Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-39285 | | | 2024-11-15 | N/A | N/A |
Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2024-29077 | | | 2024-11-15 | N/A | N/A |
Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-32483 | | | 2024-11-15 | N/A | N/A |
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-34022 | | | 2024-11-15 | N/A | N/A |
Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-11122 | | | 2024-11-12 | N/A | N/A |
A vulnerability, which was classified as critical, has been found in ???????????? Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-10965 | | | 2024-11-08 | N/A | N/A |
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue. | |||||
CVE-2024-51988 | | | 2024-11-08 | N/A | N/A |
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. valid credentials, 2. some permissions for the target virtual host, and 3. HTTP API access, could delete queues they had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source RabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of the Tanzu release. Users are advised to upgrade. Users unable to upgrade may disable the management plugin and use, for example, Prometheus and Grafana for monitoring. | |||||
CVE-2014-9827 | 1 Imagemagick | 1 Imagemagick | 2024-11-04 | 6.8 MEDIUM | 8.8 HIGH |
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |||||
CVE-2014-9828 | 1 Imagemagick | 1 Imagemagick | 2024-11-04 | 6.8 MEDIUM | 8.8 HIGH |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |||||
CVE-2014-9830 | 1 Imagemagick | 1 Imagemagick | 2024-11-04 | 6.8 MEDIUM | 8.8 HIGH |
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | |||||
CVE-2014-9831 | 1 Imagemagick | 1 Imagemagick | 2024-11-04 | 6.8 MEDIUM | 8.8 HIGH |
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | |||||
CVE-2016-10144 | 1 Imagemagick | 1 Imagemagick | 2024-11-04 | 7.5 HIGH | 9.8 CRITICAL |
coders/ipl.c in ImageMagick allows remote attackers to have unspecified impact by leveraging a missing malloc check. | |||||
CVE-2024-7424 | | | 2024-11-01 | N/A | 5.4 MEDIUM |
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects. | |||||
CVE-2024-48925 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | N/A | 6.5 MEDIUM |
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch. | |||||
CVE-2024-9692 | | | 2024-10-25 | N/A | N/A |
VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations. | |||||
CVE-2016-2822 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-10-22 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | |||||
CVE-2016-2831 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-10-22 | 5.8 MEDIUM | 8.8 HIGH |
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. |