Total: 10666 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21319 | 1 Microsoft | 3 .net, Identity Model, Visual Studio 2022 | 2024-05-29 | N/A | 6.8 MEDIUM |
Microsoft Identity Denial of service vulnerability | |||||
CVE-2024-21316 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-05-29 | N/A | 6.1 MEDIUM |
Windows Server Key Distribution Service Security Feature Bypass | |||||
CVE-2024-21315 | | | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | |||||
CVE-2024-21312 | 1 Microsoft | 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.5 HIGH |
.NET Framework Denial of Service Vulnerability | |||||
CVE-2024-20684 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-05-29 | N/A | 6.5 MEDIUM |
Windows Hyper-V Denial of Service Vulnerability | |||||
CVE-2024-0057 | 1 Microsoft | 17 .net, .net Framework, Powershell and 14 more | 2024-05-29 | N/A | 9.8 CRITICAL |
.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | |||||
CVE-2020-1025 | 1 Microsoft | 5 Lync, Sharepoint Enterprise Server, Sharepoint Foundation and 2 more | 2024-05-28 | 7.5 HIGH | 9.8 CRITICAL |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens. | |||||
CVE-2024-0218 | | | 2024-05-28 | N/A | 7.5 HIGH |
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted. | |||||
CVE-2023-32649 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | N/A | 7.5 HIGH |
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. | |||||
CVE-2023-24015 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | N/A | 4.3 MEDIUM |
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. | |||||
CVE-2023-23903 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | N/A | 4.9 MEDIUM |
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention. | |||||
CVE-2022-0551 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | 6.5 MEDIUM | 7.2 HIGH |
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | |||||
CVE-2022-0550 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | 6.5 MEDIUM | 7.2 HIGH |
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | |||||
CVE-2024-28979 | 1 Dell | 1 Openmanage Enterprise | 2024-05-23 | N/A | 4.8 MEDIUM |
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection. | |||||
CVE-2024-29998 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-05-23 | N/A | 6.8 MEDIUM |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
CVE-2024-30002 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-05-23 | N/A | 6.8 MEDIUM |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
CVE-2024-1481 | | | 2024-05-22 | N/A | 5.3 MEDIUM |
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | |||||
CVE-2024-4287 | | | 2024-05-20 | N/A | 8.1 HIGH |
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts. | |||||
CVE-2021-22508 | | | 2024-05-20 | N/A | 7.2 HIGH |
A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires the attacker to be an authenticated administrator of OBR with network access to the OBR web application. | |||||
CVE-2024-4609 | | | 2024-05-17 | N/A | N/A |
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. |