Total
31604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44970 | 1 Linux | 1 Linux Kernel | 2024-10-03 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides without unlinking the WQE again. | |||||
| CVE-2024-8687 | 1 Paloaltonetworks | 3 Globalprotect, Pan-os, Prisma Access | 2024-10-03 | N/A | 7.1 HIGH |
| An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so. | |||||
| CVE-2024-8516 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2024-10-02 | N/A | 4.3 MEDIUM |
| The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts. | |||||
| CVE-2024-8483 | 1 Madrasthemes | 1 Mas Static Content | 2024-10-02 | N/A | 4.3 MEDIUM |
| The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages. | |||||
| CVE-2024-45823 | 1 Rockwellautomation | 1 Factorytalk Batch View | 2024-10-02 | N/A | 8.1 HIGH |
| CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. | |||||
| CVE-2024-45825 | 1 Rockwellautomation | 2 5015-u8ihft, 5015-u8ihft Firmware | 2024-10-02 | N/A | 7.5 HIGH |
| CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. | |||||
| CVE-2024-45373 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 8.8 HIGH |
| Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | |||||
| CVE-2024-9136 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-01 | N/A | 6.7 MEDIUM |
| Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-47294 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-01 | N/A | 4.4 MEDIUM |
| Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-47291 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-01 | N/A | 5.6 MEDIUM |
| Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-47290 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-01 | N/A | 5.5 MEDIUM |
| Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-6841 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-10-01 | N/A | 7.5 HIGH |
| A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. | |||||
| CVE-2024-9321 | 1 Oretnom23 | 1 Railway Reservation System | 2024-10-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_details.php. The manipulation of the argument id leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42406 | 1 Mattermost | 1 Mattermost Server | 2024-10-01 | N/A | 5.4 MEDIUM |
| Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files. | |||||
| CVE-2024-43393 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2024-10-01 | N/A | 8.1 HIGH |
| A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS. | |||||
| CVE-2024-43392 | 1 Phoenixcontact | 60 Fl Mguard Centerport Vpn-1000, Fl Mguard Centerport Vpn-1000 Firmware, Fl Mguard Core Tx and 57 more | 2024-10-01 | N/A | 8.1 HIGH |
| A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS. | |||||
| CVE-2024-43391 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2024-10-01 | N/A | 8.1 HIGH |
| A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS. | |||||
| CVE-2024-43390 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2024-10-01 | N/A | 8.1 HIGH |
| A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS. | |||||
| CVE-2024-43389 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2024-10-01 | N/A | 8.1 HIGH |
| A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS. | |||||
| CVE-2024-39435 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-30 | N/A | 6.5 MEDIUM |
| In Logmanager service, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed. | |||||