Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1482 | 2024-11-18 | N/A | 6.4 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-0793 | 2024-11-18 | N/A | 7.7 HIGH | ||
| A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn. | |||||
| CVE-2021-1465 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system. | |||||
| CVE-2020-3538 | 2024-11-18 | N/A | 4.6 MEDIUM | ||
| A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2021-1462 | 2024-11-18 | N/A | 4.4 MEDIUM | ||
| A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to an affected system with an Administrator account and creating a malicious file, which the system would parse at a later time. A successful exploit could allow the attacker to obtain root privileges on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-49033 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-16 | N/A | 7.5 HIGH |
| Microsoft Word Security Feature Bypass Vulnerability | |||||
| CVE-2024-8755 | 2024-11-15 | N/A | 8.4 HIGH | ||
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-21949 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 5.5 MEDIUM |
| Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | |||||
| CVE-2024-21974 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 8.8 HIGH |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | |||||
| CVE-2024-21975 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 8.8 HIGH |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | |||||
| CVE-2024-32048 | 2024-11-15 | N/A | 6.5 MEDIUM | ||
| Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2024-28049 | 2024-11-15 | N/A | 5.7 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | |||||
| CVE-2024-23198 | 2024-11-15 | N/A | 6.6 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | |||||
| CVE-2024-33624 | 2024-11-15 | N/A | 4.3 MEDIUM | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2024-32485 | 2024-11-15 | N/A | 3.9 LOW | ||
| Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-28028 | 2024-11-15 | N/A | 7.5 HIGH | ||
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-36284 | 2024-11-15 | N/A | 5.5 MEDIUM | ||
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-24984 | 2024-11-15 | N/A | 6.5 MEDIUM | ||
| Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2024-39811 | 2024-11-15 | N/A | 6.3 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36282 | 2024-11-15 | N/A | 8.2 HIGH | ||
| Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access. | |||||