Vulnerabilities (CVE)

Total 303337 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41941 1 Siemens 1 Sinec Nms 2024-08-14 N/A 4.3 MEDIUM
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.
CVE-2024-41940 1 Siemens 1 Sinec Nms 2024-08-14 N/A 9.1 CRITICAL
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
CVE-2024-41939 1 Siemens 1 Sinec Nms 2024-08-14 N/A 8.8 HIGH
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.
CVE-2024-41938 1 Siemens 1 Sinec Nms 2024-08-14 N/A 5.5 MEDIUM
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.
CVE-2024-41907 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 N/A 4.2 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack.
CVE-2024-41906 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 N/A 4.8 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.
CVE-2024-41905 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 N/A 6.8 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information.
CVE-2023-34424 2024-08-14 N/A 4.4 MEDIUM
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-23974 2024-08-14 N/A 6.7 MEDIUM
Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22374 2024-08-14 N/A 6.5 MEDIUM
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-24853 2024-08-14 N/A 7.2 HIGH
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-42667 2024-08-14 N/A 7.8 HIGH
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21810 2024-08-14 N/A 8.8 HIGH
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43747 2024-08-14 N/A 6.7 MEDIUM
Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24983 2024-08-14 N/A 6.5 MEDIUM
Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2024-21769 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40067 2024-08-14 N/A 5.7 MEDIUM
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2024-21784 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-48361 2024-08-14 N/A 2.3 LOW
Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-21844 2024-08-14 N/A 4.3 MEDIUM
Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.