High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
---|---|---|---|---|---|
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47410 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47411 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47412 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47413 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47414 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47415 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47416 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47417 | psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47418 | psirt@adobe.com |
adobe — commerce | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | 2024-10-10 | 9.8 | CVE-2024-45115 | psirt@adobe.com |
adobe — commerce | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim’s browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. | 2024-10-10 | 8.1 | CVE-2024-45116 | psirt@adobe.com |
adobe — commerce | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed. | 2024-10-10 | 7.6 | CVE-2024-45117 | psirt@adobe.com |
Adobe–Adobe Framemaker | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47421 | psirt@adobe.com |
Adobe–Adobe Framemaker | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-47422 | psirt@adobe.com |
Adobe–Adobe Framemaker | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-47423 | psirt@adobe.com |
Adobe–Adobe Framemaker | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47424 | psirt@adobe.com |
Adobe–Adobe Framemaker | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47425 | psirt@adobe.com |
Adobe–Dimension | Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45146 | psirt@adobe.com |
Adobe–Dimension | Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45150 | psirt@adobe.com |
Adobe–InCopy | InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-45136 | psirt@adobe.com |
Adobe–InDesign Desktop | InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-45137 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45138 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45139 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45140 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45141 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45142 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45143 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45144 | psirt@adobe.com |
Adobe–Substance3D – Stager | Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45152 | psirt@adobe.com |
afthemes–WP Post Author Boost Your Blog’s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder | The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-12 | 7.2 | CVE-2024-8757 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Apache Software Foundation–Apache Subversion | On Windows platforms, a “best fit” character encoding conversion of command line arguments to Subversion’s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. | 2024-10-09 | 8.2 | CVE-2024-45720 | security@apache.org |
Apache Software Foundation–Apache XML Graphics FOP | Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. | 2024-10-09 | 7.5 | CVE-2024-28168 | security@apache.org |
ataurr–GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor | The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins. | 2024-10-11 | 9.8 | CVE-2024-9234 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Bit Form–Bit Form Contact Form Plugin | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. | 2024-10-07 | 7.6 | CVE-2024-47335 | audit@patchstack.com |
btcsuite–btcd | btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core’s “FindAndDelete()” functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn’t return a match but removeOpCodeByData does, making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a “standard” Bitcoin transaction, that is, a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = "<data> <data||foo>"` and `dataToRemove = "data"` btcd will remove both data pushes but Bitcoin Core’s `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2024-10-11 | 7.4 | CVE-2024-38365 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Cacti–cacti | Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. | 2024-10-07 | 7.3 | CVE-2024-43362 | security-advisories@github.com |
Cacti–cacti | Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a PHP file as the Cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file URL to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7.2 | CVE-2024-43363 | security-advisories@github.com |
Canonical Ltd.–Authd | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user’s ID and gain their privileges. | 2024-10-10 | 7.5 | CVE-2024-9312 | security@ubuntu.com security@ubuntu.com |
checkmk — checkmk | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows an attacker to get potentially sensitive data. | 2024-10-10 | 7.5 | CVE-2024-6747 | security@checkmk.com |
code-projects–Blood Bank System | A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file register.php. The manipulation of the argument user leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9797 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects–Crud Operation System | A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9812 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects–Restaurant Reservation System | A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9811 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Codezips–Pharmacy Management System | A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9813 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Codezips–Pharmacy Management System | A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Affected is an unknown function of the file product/update.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9814 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cure53–DOMPurify | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. | 2024-10-11 | 10 | CVE-2024-47875 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
D-Link–DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9782 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9783 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9784 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9785 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9786 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9909 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9910 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9911 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9912 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9913 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9914 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link–DIR-619L B1 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9915 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
discourse–discourse | Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 8.2 | CVE-2024-45051 | security-advisories@github.com |
discourse–discourse | Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. | 2024-10-08 | 8.2 | CVE-2024-47773 | security-advisories@github.com |
discourse–discourse | Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7.5 | CVE-2024-43789 | security-advisories@github.com |
dlink — dir-605l_firmware | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9563 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dlink — dir-605l_firmware | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9564 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dlink — dir-605l_firmware | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9565 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dlink — dir-619l_firmware | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9566 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dlink — dir-619l_firmware | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9567 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dlink — dir-619l_firmware | A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9568 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dlink — dir-619l_firmware | A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9569 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dlink — dir-619l_firmware | A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9570 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Elie Burstein, Baptiste Gourdin–Talkback |
Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection. This issue affects Talkback: from n/a through 1.0. | 2024-10-11 | 9.8 | CVE-2024-48033 | audit@patchstack.com |
Eyecix–JobSearch |
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9. | 2024-10-10 | 9.8 | CVE-2024-47636 | audit@patchstack.com |
Fortinet–FortiAnalyzer |
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate their privileges via specially crafted requests. | 2024-10-08 | 7.2 | CVE-2024-45330 | psirt@fortinet.com |
GitLab–GitLab |
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. | 2024-10-11 | 9.6 | CVE-2024-9164 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | 2024-10-11 | 8.2 | CVE-2024-8970 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks. | 2024-10-10 | 8.2 | CVE-2024-8977 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When authorizing an application, it can be made to render as HTML under specific circumstances. | 2024-10-10 | 7.3 | CVE-2024-6530 | cve@gitlab.com cve@gitlab.com |
Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | 2024-10-08 | 8.8 | CVE-2024-9602 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-10-08 | 8.8 | CVE-2024-9603 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
guruteam–Bot for Telegram on WooCommerce |
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the ‘stm_wpcfto_get_settings’ AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature. | 2024-10-12 | 8.8 | CVE-2024-9821 | security@wordfence.com security@wordfence.com |
h2o–picotls |
Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc. Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d. | 2024-10-11 | 8.6 | CVE-2024-45402 | security-advisories@github.com security-advisories@github.com |
h2o–quicly |
Quicly is an IETF QUIC protocol implementation. Quicly up to commit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c. | 2024-10-11 | 7.5 | CVE-2024-45396 | security-advisories@github.com security-advisories@github.com |
happyplugins–Shortcodes AnyWhere |
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-10-10 | 7.3 | CVE-2024-9581 | security@wordfence.com security@wordfence.com |
HashiCorp–Vault |
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | 2024-10-10 | 7.2 | CVE-2024-9180 | security@hashicorp.com |
HP, Inc.–HP Hotkey Support |
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. | 2024-10-07 | 8.8 | CVE-2024-27458 | hp-security-alert@hp.com |
HuangDou–UTCMS |
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-13 | 7.3 | CVE-2024-9916 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
inventree–InvenTree |
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addressed as follows: 1. HTML sanitization has been enabled in the front-end markdown rendering library – `easymde`. 2. Stored markdown is also validated on the backend, to ensure that malicious markdown is not stored in the database. These changes are available in release versions 0.16.5 and later. All users are advised to upgrade. There are no workarounds, an update is required to get the new validation functions. | 2024-10-07 | 7.3 | CVE-2024-47610 | security-advisories@github.com security-advisories@github.com |
ivanti — endpoint_manager_cloud_services_appliance |
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | 2024-10-08 | 7.2 | CVE-2024-9379 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
ivanti — endpoint_manager_cloud_services_appliance |
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | 2024-10-08 | 7.2 | CVE-2024-9380 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–Avalanche |
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | 2024-10-08 | 7.5 | CVE-2024-47007 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–Avalanche |
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 2024-10-08 | 7.5 | CVE-2024-47008 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–Avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 2024-10-08 | 7.3 | CVE-2024-47009 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–Avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 2024-10-08 | 7.3 | CVE-2024-47010 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–Avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 2024-10-08 | 7.5 | CVE-2024-47011 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–CSA (Cloud Services Appliance) |
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | 2024-10-08 | 7.2 | CVE-2024-9381 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–Endpoint Manager Mobile |
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to access or modify sensitive configuration files without proper authorization. | 2024-10-08 | 8.8 | CVE-2024-7612 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–Velocity License Server |
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | 2024-10-08 | 7 | CVE-2024-9167 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
jetbrains — teamcity |
In JetBrains TeamCity before 2024.07.3, path traversal leading to information disclosure was possible via server backups. | 2024-10-08 | 7.5 | CVE-2024-47948 | cve@jetbrains.com |
jetbrains — teamcity |
In JetBrains TeamCity before 2024.07.3, path traversal allowed backup file write to an arbitrary location. | 2024-10-08 | 7.5 | CVE-2024-47949 | cve@jetbrains.com |
Juniper Networks–Junos OS |
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. In some cases, rpd fails to restart requiring a manual restart via the ‘restart routing’ CLI command. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5, * 22.3 before 22.3R3-S4, * 22.4 before 22.4R3-S3, * 23.2 before 23.2R2-S2, * 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S5-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S2-EVO, * 23.4-EVO before 23.4R2-EVO. | 2024-10-09 | 7.5 | CVE-2024-39515 | sirt@juniper.net sirt@juniper.net |
Juniper Networks–Junos OS |
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP with any address family configured. This issue affects: Junos OS: * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5, * 22.3 before 22.3R3-S4, * 22.4 before 22.4R3-S3, * 23.2 before 23.2R2-S2, * 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S5-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S2-EVO, * 23.4-EVO before 23.4R2-EVO. | 2024-10-09 | 7.5 | CVE-2024-39516 | sirt@juniper.net |
Juniper Networks–Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R2-EVO. | 2024-10-09 | 7.5 | CVE-2024-39525 | sirt@juniper.net sirt@juniper.net |
Juniper Networks–Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process. While not explicitly required, the impact is more severe when RIB sharding is enabled. Task accounting shows unexpected reads by the RPD Server jobs for shards: user@junos> show task accounting detail … read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888 This issue affects: Junos OS with cRPD: * All versions before 21.2R3-S8, * 21.4 before 21.4R3-S7, * 22.1 before 22.1R3-S6, * 22.2 before 22.2R3-S4, * 22.3 before 22.3R3-S3, * 22.4 before 22.4R3-S2, * 23.2 before 23.2R2-S2, * 24.2 before 24.2R2; Junos OS Evolved with cRPD: * All versions before 21.4R3-S7-EVO, * 22.2 before 22.2R3-S4-EVO, * 22.3 before 22.3R3-S3-EVO, * 22.4 before 22.4R3-S2-EVO, * 23.2 before 23.2R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-39547 | sirt@juniper.net |
Juniper Networks–Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects: Juniper Networks Junos OS: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. Juniper Networks Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-47491 | sirt@juniper.net |
Juniper Networks–Junos OS |
An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive | match mgd | count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2. | 2024-10-11 | 7.5 | CVE-2024-47497 | sirt@juniper.net |
Juniper Networks–Junos OS |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R3-S8-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-47499 | sirt@juniper.net |
Juniper Networks–Junos OS |
An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart. This issue affects Junos OS: * 22.1 releases 22.1R1 and later before 22.2R3-S5, * 22.3 releases before 22.3R3-S4, * 22.4 releases before 22.4R3-S4, * 23.2 releases before 23.2R2-S2, * 23.4 releases before 23.4R2-S1, * 24.2 releases before 24.2R1-S1, 24.2R2. Please note that the PR does indicate that earlier versions have been fixed as well, but these won’t be adversely impacted by this. | 2024-10-11 | 7.5 | CVE-2024-47504 | sirt@juniper.net |
Juniper Networks–Junos OS Evolved |
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue. This issue affects Junos OS Evolved ACX 7000 Series: * All versions before 21.4R3-S9-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S3-EVO, * 22.4-EVO before 22.4R3-S2-EVO, * 23.2-EVO before 23.2R2-EVO, * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO. | 2024-10-11 | 8.2 | CVE-2024-47490 | sirt@juniper.net |
Juniper Networks–Junos OS Evolved |
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established. A continuously increasing number of connections shown by: user@host > show system connections is indicative of the problem. To recover the respective RE needs to be restarted manually. This issue only affects IPv4 but does not affect IPv6. This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine). This issue affects Junos OS Evolved: * All versions before 21.4R3-S9-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 versions before 22.4R3-S3-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-47502 | sirt@juniper.net |
Juniper Networks–Junos Space |
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance. This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability. | 2024-10-11 | 7.3 | CVE-2024-39563 | sirt@juniper.net |
lagunaisw–WP Users Masquerade |
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the ‘ajax_masq_login’ function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. | 2024-10-10 | 8.8 | CVE-2024-9522 | security@wordfence.com security@wordfence.com |
latepoint–LatePoint Plugin |
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user’s password is only possible if the “Use WordPress users as customers” setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified. | 2024-10-08 | 9.8 | CVE-2024-8911 | security@wordfence.com security@wordfence.com |
latepoint–LatePoint Plugin |
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the “Use WordPress users as customers” setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13. | 2024-10-08 | 9.8 | CVE-2024-8943 | security@wordfence.com security@wordfence.com |
Lenovo–App Store |
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4130 | psirt@lenovo.com |
Lenovo–Baiying |
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33579 | psirt@lenovo.com |
Lenovo–Emulator |
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4131 | psirt@lenovo.com |
Lenovo–Leyun |
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33578 | psirt@lenovo.com |
Lenovo–Lock Screen |
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4132 | psirt@lenovo.com |
Lenovo–PC Manager AI intelligent scenario |
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33581 | psirt@lenovo.com |
Lenovo–Personal Cloud |
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33580 | psirt@lenovo.com |
Lenovo–Service Framework |
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33582 | psirt@lenovo.com |
Lenovo–stARstudio |
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-9046 | psirt@lenovo.com |
Lenovo–SuperFile |
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4089 | psirt@lenovo.com |
libarchive — libarchive |
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 2024-10-10 | 7.8 | CVE-2024-48957 | cve@mitre.org cve@mitre.org |
libarchive — libarchive |
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 2024-10-10 | 7.8 | CVE-2024-48958 | cve@mitre.org cve@mitre.org |
Linux Workbooth–Linux Workbooth |
Vulnerability in Distro Linux Workbooth v2.5 that allows escalation of privileges to the root user by manipulating the network configuration script. | 2024-10-07 | 7 | CVE-2024-9576 | cve-coordination@incibe.es |
makeplane–plane |
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0. | 2024-10-11 | 9.3 | CVE-2024-47830 | security-advisories@github.com security-advisories@github.com |
mecha-cms — mecha |
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. | 2024-10-07 | 9.8 | CVE-2024-46446 | cve@mitre.org cve@mitre.org |
MediaTek, Inc.–MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797 |
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. | 2024-10-07 | 7.5 | CVE-2024-20094 | security@mediatek.com |
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8365, MT8512, MT8676, MT8678, MT8695, MT8698, MT8755, MT8775, MT8792, MT8796 |
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603. | 2024-10-07 | 9.8 | CVE-2024-20100 | security@mediatek.com |
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8512, MT8676, MT8678, MT8695, MT8698, MT8755, MT8775, MT8792, MT8796 |
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602. | 2024-10-07 | 9.8 | CVE-2024-20101 | security@mediatek.com |
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8512, MT8678, MT8695, MT8698, MT8796, MT8893 |
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599. | 2024-10-07 | 9.8 | CVE-2024-20103 | security@mediatek.com |
MediaTek, Inc.–MT6761, MT6765, MT6768, MT6779, MT6785, MT6853, MT6873, MT6885, MT8385, MT8666, MT8667, MT8766, MT8768, MT8781, MT8788, MT8789 |
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700. | 2024-10-07 | 7.8 | CVE-2024-20092 | security@mediatek.com |
microsoft — windows_10_1809 |
Microsoft Management Console Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43572 | secure@microsoft.com |
microsoft — windows_10_22h2 |
Windows MSHTML Platform Spoofing Vulnerability | 2024-10-08 | 8.1 | CVE-2024-43573 | secure@microsoft.com |
Microsoft–Azure CLI |
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | 2024-10-08 | 8.7 | CVE-2024-43591 | secure@microsoft.com |
Microsoft–Azure Monitor |
Azure Monitor Agent Elevation of Privilege Vulnerability | 2024-10-08 | 7.1 | CVE-2024-38097 | secure@microsoft.com |
Microsoft–Azure Stack HCI |
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | 2024-10-08 | 8.8 | CVE-2024-38179 | secure@microsoft.com |
Microsoft–DeepSpeed |
DeepSpeed Remote Code Execution Vulnerability | 2024-10-08 | 8.4 | CVE-2024-43497 | secure@microsoft.com |
Microsoft–Microsoft 365 Apps for Enterprise |
Microsoft Office Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43576 | secure@microsoft.com |
Microsoft–Microsoft Configuration Manager |
Microsoft Configuration Manager Remote Code Execution Vulnerability | 2024-10-08 | 9.8 | CVE-2024-43468 | secure@microsoft.com |
Microsoft–Microsoft Copilot Studio |
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector | 2024-10-09 | 7.4 | CVE-2024-43610 | secure@microsoft.com |
Microsoft–Microsoft Office 2019 |
Microsoft Office Visio Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43505 | secure@microsoft.com |
Microsoft–Microsoft Office 2019 |
Microsoft Office Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43616 | secure@microsoft.com |
Microsoft–Microsoft Office LTSC 2024 |
Microsoft Excel Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43504 | secure@microsoft.com |
Microsoft–Microsoft SharePoint Enterprise Server 2016 |
Microsoft SharePoint Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43503 | secure@microsoft.com |
Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET and Visual Studio Remote Code Execution Vulnerability | 2024-10-08 | 8.1 | CVE-2024-38229 | secure@microsoft.com |
Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43483 | secure@microsoft.com |
Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43484 | secure@microsoft.com |
Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET and Visual Studio Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43485 | secure@microsoft.com |
Microsoft–Remote Desktop client for Windows Desktop |
Remote Desktop Client Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43533 | secure@microsoft.com |
Microsoft–Visual C++ Redistributable Installer |
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43590 | secure@microsoft.com |
Microsoft–Visual Studio Code |
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through a network attack vector. | 2024-10-08 | 8.8 | CVE-2024-43488 | secure@microsoft.com |
Microsoft–Visual Studio Code |
Visual Studio Code for Linux Remote Code Execution Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43601 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Hyper-V Remote Code Execution Vulnerability | 2024-10-08 | 8 | CVE-2024-30092 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43517 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Telephony Server Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43518 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43519 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Remote Registry Service Elevation of Privilege Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43532 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Remote Desktop Protocol Server Remote Code Execution Vulnerability | 2024-10-08 | 8.1 | CVE-2024-43582 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Remote Desktop Client Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43599 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Hyper-V Security Feature Bypass Vulnerability | 2024-10-08 | 7.1 | CVE-2024-20659 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
BranchCache Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38149 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43501 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43502 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
BranchCache Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43506 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Graphics Component Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43509 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7 | CVE-2024-43511 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43515 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43516 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43528 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Secure Channel Spoofing Vulnerability | 2024-10-08 | 7.4 | CVE-2024-43550 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Storage Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43551 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
NT OS Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7.4 | CVE-2024-43553 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Graphics Component Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43556 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43560 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43562 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43563 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43565 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43581 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Winlogon Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43583 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43615 | secure@microsoft.com |
Microsoft–Windows 11 version 22H2 |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 2024-10-08 | 7 | CVE-2024-43522 | secure@microsoft.com |
Microsoft–Windows 11 version 22H2 |
Windows Shell Remote Code Execution Vulnerability | 2024-10-08 | 7.3 | CVE-2024-43552 | secure@microsoft.com |
Microsoft–Windows 11 Version 24H2 |
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43514 | secure@microsoft.com |
Microsoft–Windows 11 Version 24H2 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43527 | secure@microsoft.com |
Microsoft–Windows 11 Version 24H2 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-10-08 | 7 | CVE-2024-43535 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Netlogon Elevation of Privilege Vulnerability | 2024-10-08 | 9 | CVE-2024-38124 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-38212 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-38265 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43453 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43549 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43564 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43589 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43592 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43593 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43607 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43608 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43611 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-38261 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38262 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Hyper-V Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43521 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43541 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43544 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43545 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Hyper-V Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43567 | secure@microsoft.com |
Microsoft–Windows Server 2019 |
Windows Hyper-V Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43575 | secure@microsoft.com |
Microsoft–Windows Server 2022 |
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 2024-10-08 | 8.3 | CVE-2024-43574 | secure@microsoft.com |
Microsoft–Windows Server 2022 |
Windows Print Spooler Elevation of Privilege Vulnerability | 2024-10-08 | 7.3 | CVE-2024-43529 | secure@microsoft.com |
Microsoft–Windows Server 2022 |
Windows Scripting Engine Security Feature Bypass Vulnerability | 2024-10-08 | 7.7 | CVE-2024-43584 | secure@microsoft.com |
Microsoft–Windows Server 2022, 23H2 Edition (Server Core installation) |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38029 | secure@microsoft.com |
Microsoft–Windows Server 2022, 23H2 Edition (Server Core installation) |
Windows Kerberos Elevation of Privilege Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38129 | secure@microsoft.com |
miraheze–WikiDiscover |
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. Users unable to upgrade should block access to `Special:WikiDiscover`. | 2024-10-07 | 7.6 | CVE-2024-47782 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Mozilla–Firefox |
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. | 2024-10-09 | 9.8 | CVE-2024-9680 | security@mozilla.org security@mozilla.org security@mozilla.org |
n/a–ggit |
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. | 2024-10-08 | 7.3 | CVE-2024-21532 | report@snyk.io report@snyk.io |
n/a–jsonpath-plus |
Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** The unsafe behavior is still available after applying the fix but it is not turned on by default. | 2024-10-11 | 9.8 | CVE-2024-21534 | report@snyk.io report@snyk.io |
n/a–n/a |
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks ‘ |