Total
10503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22095 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-22015 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access. | |||||
| CVE-2024-21863 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 4.7 MEDIUM |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. | |||||
| CVE-2024-21663 | 1 Demon1a | 1 Discord-recon | 2024-11-21 | N/A | 9.9 CRITICAL |
| Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8. | |||||
| CVE-2024-21631 | 1 Vapor | 1 Vapor | 2024-11-21 | N/A | 6.5 MEDIUM |
| Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities. | |||||
| CVE-2024-21627 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 8.1 HIGH |
| PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. | |||||
| CVE-2024-21625 | 1 Sidequestvr | 1 Sidequest | 2024-11-21 | N/A | 8.8 HIGH |
| SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly. | |||||
| CVE-2024-21519 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A | 6.6 MEDIUM |
| This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root. | |||||
| CVE-2024-21388 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2024-21374 | 1 Microsoft | 1 Teams | 2024-11-21 | N/A | 5.0 MEDIUM |
| Microsoft Teams for Android Information Disclosure Vulnerability | |||||
| CVE-2024-21319 | 1 Microsoft | 3 .net, Identity Model, Visual Studio 2022 | 2024-11-21 | N/A | 6.8 MEDIUM |
| Microsoft Identity Denial of service vulnerability | |||||
| CVE-2024-21316 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| Windows Server Key Distribution Service Security Feature Bypass | |||||
| CVE-2024-21315 | 1 Microsoft | 14 Defender For Endpoint, Windows 10 1507, Windows 10 1607 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | |||||
| CVE-2024-21312 | 1 Microsoft | 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2024-21304 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-11-21 | N/A | 4.1 MEDIUM |
| Trusted Compute Base Elevation of Privilege Vulnerability | |||||
| CVE-2024-20733 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20721 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-11-21 | N/A | 5.5 MEDIUM |
| Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20709 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-11-21 | N/A | 5.5 MEDIUM |
| Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20684 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2024-20666 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.6 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||