Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3779 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. | |||||
| CVE-2024-39347 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors. | |||||
| CVE-2024-38459 | 2024-11-21 | N/A | 7.8 HIGH | ||
| langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444. | |||||
| CVE-2024-37038 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
| CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | |||||
| CVE-2024-36541 | 1 Kube-logging | 1 Logging-operator | 2024-11-21 | N/A | 8.8 HIGH |
| Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
| CVE-2024-36495 | 2024-11-21 | N/A | 7.7 HIGH | ||
| The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd | |||||
| CVE-2024-35139 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. | |||||
| CVE-2024-34474 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM. | |||||
| CVE-2024-34455 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2. | |||||
| CVE-2024-34012 | 1 Acronis | 1 Cloud Manager | 2024-11-21 | N/A | 4.4 MEDIUM |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272. | |||||
| CVE-2024-34011 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | |||||
| CVE-2024-32978 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 0.16.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user. | |||||
| CVE-2024-31442 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch. | |||||
| CVE-2024-30204 | 2024-11-21 | N/A | 2.8 LOW | ||
| In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | |||||
| CVE-2024-28862 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation. | |||||
| CVE-2024-27674 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary. | |||||
| CVE-2024-27264 | 2024-11-21 | N/A | 7.4 HIGH | ||
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | |||||
| CVE-2024-27180 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27171 | 2024-11-21 | N/A | 7.4 HIGH | ||
| A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27167 | 2024-11-21 | N/A | 7.4 HIGH | ||
| Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL. | |||||