Export limit exceeded: 334666 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21857 | 1 Intel | 1 Oneapi Compiler Software | 2024-08-14 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-41906 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 4.8 Medium |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | ||||
| CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 6.8 Medium |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. | ||||
| CVE-2024-21806 | 2024-08-14 | 5.5 Medium | ||
| Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-28953 | 1 Intel | 1 Emon Software | 2024-08-14 | 6.7 Medium |
| Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-24983 | 1 Intel | 1 Ethernet Complete Driver Pack | 2024-08-14 | 6.5 Medium |
| Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2023-35123 | 2024-08-14 | 4.3 Medium | ||
| Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2024-23974 | 1 Intel | 1 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack | 2024-08-14 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-34424 | 2024-08-14 | 4.4 Medium | ||
| Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2023-43747 | 1 Intel | 1 Connectivity Performance Suite | 2024-08-14 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21787 | 1 Bmra Software | 1 Bmra Software | 2024-08-14 | 6.4 Medium |
| Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-48361 | 2024-08-14 | 2.3 Low | ||
| Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-22378 | 1 Intel | 1 Unite | 2024-08-14 | 6.7 Medium |
| Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22376 | 1 Intel | 1 Ethernet Adapter Complete Driver Pack | 2024-08-14 | 6.7 Medium |
| Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-39922 | 2024-08-14 | 4.6 Medium | ||
| A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs. | ||||
| CVE-2024-42738 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-14 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-41711 | 1 Mitel | 4 6800 Series Sip Phones, 6900 Series Sip Phones, 6900w Series Sip Phone and 1 more | 2024-08-14 | 6.8 Medium |
| A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. | ||||
| CVE-2024-42739 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-14 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-43150 | 2024-08-14 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2. | ||||
| CVE-2024-39400 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | 8.1 High |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts. | ||||