Total
27847 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5652 | 1 Docker | 1 Desktop | 2024-07-12 | N/A | 5.5 MEDIUM |
| In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. | |||||
| CVE-2024-6237 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2024-07-12 | N/A | 6.5 MEDIUM |
| A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service. | |||||
| CVE-2023-48194 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2024-07-12 | N/A | 9.8 CRITICAL |
| Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained. | |||||
| CVE-2024-6222 | 4 Apple, Docker, Linux and 1 more | 4 Macos, Desktop, Linux Kernel and 1 more | 2024-07-12 | N/A | 7.0 HIGH |
| In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default. | |||||
| CVE-2024-6554 | 1 Wpmudev | 1 Branda | 2024-07-12 | N/A | 5.3 MEDIUM |
| The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-2880 | 1 Gitlab | 1 Gitlab | 2024-07-12 | N/A | 2.7 LOW |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members. | |||||
| CVE-2024-5257 | 1 Gitlab | 1 Gitlab | 2024-07-12 | N/A | 2.7 LOW |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace. | |||||
| CVE-2024-5470 | 1 Gitlab | 1 Gitlab | 2024-07-12 | N/A | 2.7 LOW |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens. | |||||
| CVE-2024-6624 | 1 Parorrey | 1 Json Api User | 2024-07-12 | N/A | 9.8 CRITICAL |
| The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed. | |||||
| CVE-2024-6385 | 1 Gitlab | 1 Gitlab | 2024-07-12 | N/A | 9.8 CRITICAL |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | |||||
| CVE-2024-6407 | 1 Schneider-electric | 2 Whc-5918a, Whc-5918a Firmware | 2024-07-12 | N/A | 7.5 HIGH |
| CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. | |||||
| CVE-2024-38072 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2024-07-12 | N/A | 7.5 HIGH |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | |||||
| CVE-2024-38073 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-07-12 | N/A | 7.5 HIGH |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | |||||
| CVE-2024-38074 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-07-12 | N/A | 9.8 CRITICAL |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-38076 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2024-07-12 | N/A | 9.8 CRITICAL |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-38077 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-07-12 | N/A | 9.8 CRITICAL |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-38078 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 | 2024-07-12 | N/A | 7.5 HIGH |
| Xbox Wireless Adapter Remote Code Execution Vulnerability | |||||
| CVE-2024-38079 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-07-12 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2023-4297 | 1 Mediamanifesto | 1 Mmm Simple File List | 2024-07-12 | N/A | 4.3 MEDIUM |
| The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. | |||||
| CVE-2024-38085 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-07-12 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||