Total: 255441 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-26238 | | | 2024-06-28 | 7.8 High |
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | ||||
CVE-2024-36075 | | | 2024-06-28 | N/A |
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the application configuration component of the Endpoint Protector and Unify agent which allows a remote, unauthenticated attacker to manipulate the configuration of either their own or another client endpoint resulting in the bypass of certain configuration options. Manipulation of the application configuration can result in local policy bypass and in some scenarios remote code execution. | ||||
CVE-2023-36739 | 1 Microsoft | 1 3d Viewer | 2024-06-28 | 7.8 High |
3D Viewer Remote Code Execution Vulnerability | ||||
CVE-2023-36770 | 1 Microsoft | 1 3d Builder | 2024-06-28 | 7.8 High |
3D Builder Remote Code Execution Vulnerability | ||||
CVE-2024-26180 | | | 2024-06-28 | 8.0 High |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-39350 | | | 2024-06-28 | 7.5 High |
A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. | ||||
CVE-2024-6370 | | | 2024-06-28 | 3.5 Low |
A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803. | ||||
CVE-2024-39133 | | | 2024-06-28 | N/A |
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. | ||||
CVE-2024-30089 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-06-28 | 7.8 High |
Microsoft Streaming Service Elevation of Privilege Vulnerability | ||||
CVE-2023-36792 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2024-06-28 | 7.8 High |
Visual Studio Remote Code Execution Vulnerability | ||||
CVE-2023-36760 | 1 Microsoft | 1 3d Viewer | 2024-06-28 | 7.8 High |
3D Viewer Remote Code Execution Vulnerability | ||||
CVE-2023-28571 | 1 Qualcomm | 172 8098, 8098 Firmware, 8998 and 169 more | 2024-06-28 | 5.5 Medium |
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | ||||
CVE-2024-5925 | | | 2024-06-28 | 6.4 Medium |
The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-3800 | | | 2024-06-28 | N/A |
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears. | ||||
CVE-2024-5642 | | | 2024-06-28 | N/A |
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured). | ||||
CVE-2024-39348 | | | 2024-06-28 | 7.5 High |
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2024-5842 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-06-28 | 8.8 High |
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-38531 | | | 2024-06-28 | 3.6 Low |
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. | ||||
CVE-2024-5655 | | | 2024-06-28 | 9.6 Critical |
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||
CVE-2024-4901 | | | 2024-06-28 | 8.7 High |
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes. |