Total
302438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | |||||
| CVE-2024-41939 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | |||||
| CVE-2024-41938 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 3.8 LOW |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | |||||
| CVE-2024-41907 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack. | |||||
| CVE-2024-41906 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | |||||
| CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. | |||||
| CVE-2024-21801 | 2024-08-14 | N/A | 7.1 HIGH | ||
| Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2024-21857 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-25939 | 2024-08-14 | N/A | 6.0 MEDIUM | ||
| Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2024-28953 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-40067 | 2024-08-14 | N/A | 5.7 MEDIUM | ||
| Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2024-23974 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34424 | 2024-08-14 | N/A | 4.4 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-38655 | 2024-08-14 | N/A | 6.8 MEDIUM | ||
| Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access. | |||||
| CVE-2023-48361 | 2024-08-14 | N/A | 2.3 LOW | ||
| Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2024-21766 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21810 | 2024-08-14 | N/A | 8.8 HIGH | ||
| Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21807 | 2024-08-14 | N/A | 8.8 HIGH | ||
| Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21844 | 2024-08-14 | N/A | 4.3 MEDIUM | ||
| Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2024-22374 | 2024-08-14 | N/A | 6.5 MEDIUM | ||
| Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | |||||