Export limit exceeded: 24706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24706 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47178 | 1 Expressjs | 1 Basic-auth-connect | 2024-11-15 | 5.3 Medium |
| basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. | ||||
| CVE-2024-47532 | 1 Zope | 1 Restrictedpython | 2024-11-15 | 6.5 Medium |
| RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment. | ||||
| CVE-2024-9539 | 1 Github | 1 Enterprise Server | 2024-11-15 | 4.3 Medium |
| An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-24984 | 2024-11-15 | 6.5 Medium | ||
| Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-36282 | 1 Intel | 1 Server Board S2600st Firmware | 2024-11-15 | 8.2 High |
| Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-33624 | 2024-11-15 | 4.3 Medium | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2024-32048 | 2024-11-15 | 6.5 Medium | ||
| Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-31154 | 1 Intel | 1 S2600bpbr Firmware | 2024-11-15 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-33611 | 2024-11-15 | 3.4 Low | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2024-31074 | 2024-11-15 | 5.9 Medium | ||
| Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. | ||||
| CVE-2024-31158 | 1 Intel | 1 Server Board S2600bp Firmware | 2024-11-15 | 7.5 High |
| Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-39811 | 1 Intel | 1 M20ntp Firmware | 2024-11-15 | 6.3 Medium |
| Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28028 | 1 Intel | 1 Neural Compressor Software | 2024-11-15 | 7.5 High |
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2024-28885 | 2024-11-15 | 5.9 Medium | ||
| Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. | ||||
| CVE-2024-47915 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2024-11-15 | 7.5 High |
| VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2024-11-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2024-41741 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | 5.3 Medium |
| IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | ||||
| CVE-2024-45309 | 1 Onedev Project | 1 Onedev | 2024-11-14 | 7.5 High |
| OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9. | ||||
| CVE-2024-52032 | 1 Mattermost | 1 Mattermost Server | 2024-11-14 | 4.3 Medium |
| Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled. | ||||
| CVE-2024-9513 | 1 Netadmin | 1 Netadmin Iam | 2024-11-13 | 3.7 Low |
| A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure is planning to release a fix in mid-October 2024. | ||||