Total
27847 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36948 | 1 Microsoft | 8 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 5 more | 2024-07-26 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Update Medic Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-07-26 | N/A | 9.8 CRITICAL |
| Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | |||||
| CVE-2023-7271 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
| Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
| Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-39674 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
| Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-39673 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 7.1 HIGH |
| Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-39672 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 7.1 HIGH |
| Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | |||||
| CVE-2021-26858 | 1 Microsoft | 1 Exchange Server | 2024-07-25 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2024-31970 | 1 Adtran | 2 834-5, Sdg Smartos | 2024-07-25 | N/A | 8.8 HIGH |
| AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. | |||||
| CVE-2024-40575 | 1 Huawei | 1 Opengauss | 2024-07-25 | N/A | 5.5 MEDIUM |
| An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes | |||||
| CVE-2021-27085 | 1 Microsoft | 7 Internet Explorer, Windows 10 1803, Windows 10 1809 and 4 more | 2024-07-25 | 7.6 HIGH | 8.8 HIGH |
| Internet Explorer Remote Code Execution Vulnerability | |||||
| CVE-2021-27059 | 1 Microsoft | 1 Office | 2024-07-25 | 8.5 HIGH | 7.6 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2019-0808 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-07-25 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797. | |||||
| CVE-2024-5973 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-07-25 | N/A | 8.8 HIGH |
| The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have. | |||||
| CVE-2024-37391 | 2 Microsoft, Proton | 2 Windows, Protonvpn | 2024-07-25 | N/A | 9.8 CRITICAL |
| ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. | |||||
| CVE-2018-20062 | 1 5none | 1 Nonecms | 2024-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. | |||||
| CVE-2018-11776 | 3 Apache, Netapp, Oracle | 8 Struts, Active Iq Unified Manager, Oncommand Insight and 5 more | 2024-07-25 | 9.3 HIGH | 8.1 HIGH |
| Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. | |||||
| CVE-2023-31416 | 1 Elastic | 2 Apm Server, Elastic Cloud On Kubernetes | 2024-07-25 | N/A | 5.3 MEDIUM |
| Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. | |||||
| CVE-2017-0143 | 3 Microsoft, Philips, Siemens | 28 Server Message Block, Windows 10 1507, Windows 10 1511 and 25 more | 2024-07-25 | 9.3 HIGH | 8.8 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | |||||
| CVE-2016-7255 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2024-07-25 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||