Export limit exceeded: 338394 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338394 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9539 | 1 Github | 1 Enterprise Server | 2024-11-15 | 4.3 Medium |
| An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-6985 | 2 Lollms, Parisneo | 2 Lollms, Lollms | 2024-11-15 | 4.4 Medium |
| A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files. | ||||
| CVE-2024-5474 | 1 Lenovo | 2 Dolby Vision Provisioning, Dolby Vision Provisioning Software | 2024-11-15 | 5.5 Medium |
| A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | ||||
| CVE-2024-9487 | 1 Github | 1 Enterprise Server | 2024-11-15 | 9.1 Critical |
| An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-47867 | 1 Gradio Project | 1 Gradio | 2024-11-15 | 7.5 High |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with. | ||||
| CVE-2024-9822 | 1 Pedalo | 1 Pedalo Connector | 2024-11-15 | 9.8 Critical |
| The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator. | ||||
| CVE-2024-34662 | 1 Samsung | 1 Android | 2024-11-15 | 6.2 Medium |
| Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. | ||||
| CVE-2024-7865 | 2024-11-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason: This candidate is a reservation duplicate of CVE-2023-2414. Notes: All CVE users should reference CVE-2023-2414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-6413 | 2024-11-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason: This candidate is a reservation duplicate of CVE-2023-2414. Notes: All CVE users should reference CVE-2023-2414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-48966 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 10 Critical |
| The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | ||||
| CVE-2024-10691 | 2024-11-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9530. Reason: This candidate is a reservation duplicate of CVE-2024-9530. Notes: All CVE users should reference CVE-2024-9530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-9834 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 9.3 Critical |
| Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | ||||
| CVE-2024-48967 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 10 Critical |
| The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance. | ||||
| CVE-2024-39285 | 2024-11-15 | 5.3 Medium | ||
| Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-34028 | 1 Intel | 1 Graphics Offline Compiler For Opencl Code Software | 2024-11-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-52549 | 1 Redhat | 1 Ocp Tools | 2024-11-15 | 4.3 Medium |
| Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. | ||||
| CVE-2024-32048 | 2024-11-15 | 6.5 Medium | ||
| Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-36282 | 1 Intel | 1 Server Board S2600st Firmware | 2024-11-15 | 8.2 High |
| Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36275 | 2024-11-15 | 6.1 Medium | ||
| NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-31154 | 1 Intel | 1 S2600bpbr Firmware | 2024-11-15 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. | ||||