Total
303337 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41941 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 4.3 MEDIUM |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization. | |||||
CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | |||||
CVE-2024-41939 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 8.8 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | |||||
CVE-2024-41938 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 5.5 MEDIUM |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | |||||
CVE-2024-41907 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 4.2 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack. | |||||
CVE-2024-41906 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 4.8 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | |||||
CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.8 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. | |||||
CVE-2023-34424 | 2024-08-14 | N/A | 4.4 MEDIUM | ||
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2024-23974 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-22374 | 2024-08-14 | N/A | 6.5 MEDIUM | ||
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2024-24853 | 2024-08-14 | N/A | 7.2 HIGH | ||
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-42667 | 2024-08-14 | N/A | 7.8 HIGH | ||
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-21810 | 2024-08-14 | N/A | 8.8 HIGH | ||
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-43747 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-24983 | 2024-08-14 | N/A | 6.5 MEDIUM | ||
Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2024-21769 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-40067 | 2024-08-14 | N/A | 5.7 MEDIUM | ||
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
CVE-2024-21784 | 2024-08-14 | N/A | 6.7 MEDIUM | ||
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-48361 | 2024-08-14 | N/A | 2.3 LOW | ||
Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2024-21844 | 2024-08-14 | N/A | 4.3 MEDIUM | ||
Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. |