Total
10503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32856 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-11-21 | N/A | 5.1 MEDIUM |
| Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2024-32755 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Under certain circumstances the web interface will accept characters unrelated to the expected input. | |||||
| CVE-2024-32672 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0. | |||||
| CVE-2024-32669 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0. | |||||
| CVE-2024-32653 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. | |||||
| CVE-2024-32007 | 1 Apache | 1 Cxf | 2024-11-21 | N/A | 7.5 HIGH |
| An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. | |||||
| CVE-2024-31965 | 2024-11-21 | N/A | 4.2 MEDIUM | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information. | |||||
| CVE-2024-30110 | 2024-11-21 | N/A | 3.7 LOW | ||
| HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways. | |||||
| CVE-2024-30087 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2024-30078 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-30002 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-2746 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker. | |||||
| CVE-2024-2469 | 2024-11-21 | N/A | 8.0 HIGH | ||
| An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-2443 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-2257 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats. | |||||
| CVE-2024-2248 | 2024-11-21 | N/A | 6.4 MEDIUM | ||
| A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email. | |||||
| CVE-2024-29998 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-29946 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A | 8.1 HIGH |
| In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. | |||||
| CVE-2024-29838 | 2024-11-21 | N/A | 7.5 HIGH | ||
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software | |||||
| CVE-2024-29068 | 1 Canonical | 1 Snapd | 2024-11-21 | N/A | 5.8 MEDIUM |
| In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service. | |||||