Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29990 | 1 Microsoft | 1 Azure Kubernetes Service Confidential Containers | 2025-01-09 | N/A | 9.0 CRITICAL |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||
| CVE-2024-29064 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-09 | N/A | 5.5 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2024-29063 | 1 Microsoft | 1 Azure Ai Search | 2025-01-09 | N/A | 5.5 MEDIUM |
| Azure AI Search Information Disclosure Vulnerability | |||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2025-01-08 | N/A | 9.8 CRITICAL |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2023-29725 | 1 Bt21 X Bts Wallpaper Project | 1 Bt21 X Bts Wallpaper | 2025-01-08 | N/A | 5.5 MEDIUM |
| The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | |||||
| CVE-2023-29724 | 1 Bt21 X Bts Wallpaper Project | 1 Bt21 X Bts Wallpaper | 2025-01-08 | N/A | 7.8 HIGH |
| The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | |||||
| CVE-2023-28469 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-01-08 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | |||||
| CVE-2024-38163 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-08 | N/A | N/A |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-7063 | 1 Wpmet | 1 Elementskit | 2025-01-08 | N/A | 4.3 MEDIUM |
| The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts. | |||||
| CVE-2024-30056 | 1 Microsoft | 1 Edge Chromium | 2025-01-08 | N/A | 5.4 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-42426 | 1 Dell | 1 Powerscale Onefs | 2025-01-08 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2024-4563 | 1 Progress | 1 Moveit Automation | 2025-01-08 | N/A | 7.5 HIGH |
| The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | |||||
| CVE-2023-33733 | 1 Reportlab | 1 Reportlab | 2025-01-08 | N/A | 7.8 HIGH |
| Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | |||||
| CVE-2024-30041 | 1 Microsoft | 1 Bing Search | 2025-01-08 | N/A | N/A |
| Microsoft Bing Search Spoofing Vulnerability | |||||
| CVE-2024-30042 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-01-08 | N/A | N/A |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-30043 | 1 Microsoft | 1 Sharepoint Server | 2025-01-08 | N/A | 7.5 HIGH |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2024-30045 | 1 Microsoft | 3 .net, Powershell, Visual Studio 2022 | 2025-01-08 | N/A | N/A |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2024-28916 | 1 Microsoft | 1 Xbox Gaming Services | 2025-01-08 | N/A | N/A |
| Xbox Gaming Services Elevation of Privilege Vulnerability | |||||
| CVE-2024-32967 | 1 Zitadel | 1 Zitadel | 2025-01-08 | N/A | 5.3 MEDIUM |
| Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade. | |||||
| CVE-2024-39683 | 1 Zitadel | 1 Zitadel | 2025-01-08 | N/A | 6.5 MEDIUM |
| ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information (e.g. when created though the session service) were incorrectly listed exposing potentially other user's sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available. | |||||