Filtered by vendor
Subscriptions
Total
1770 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38137 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2024-10-16 | 7 High |
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | ||||
CVE-2024-38136 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2024-10-16 | 7 High |
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | ||||
CVE-2024-38191 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-10-16 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-43701 | 1 Imaginationtech | 1 Graphics Ddk | 2024-10-15 | 7.8 High |
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | ||||
CVE-2024-43467 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-10-09 | 7.5 High |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
CVE-2024-20509 | 1 Cisco | 50 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 47 more | 2024-10-08 | 5.8 Medium |
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. | ||||
CVE-2024-45300 | 1 Alf | 1 Alf | 2024-09-29 | 7.5 High |
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue. | ||||
CVE-2024-42488 | 1 Cilium | 1 Cilium | 2024-09-27 | 6.8 Medium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. This issue has been patched in Cilium v1.14.14 and v1.15.8 As the underlying issue depends on a race condition, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected. | ||||
CVE-2024-23599 | 2024-09-16 | 7.9 High | ||
Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access. | ||||
CVE-2023-41833 | 1 Ieisystem | 1 Uefi Firmware | 2024-09-16 | 7.5 High |
A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-7627 | 1 Bitapps | 1 File Manager | 2024-09-11 | 8.1 High |
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. | ||||
CVE-2024-6996 | 1 Google | 1 Chrome | 2024-08-08 | 3.1 Low |
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-26905 | 2024-07-29 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-27430 | 2024-05-25 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-27428 | 2024-05-25 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-27427 | 2024-05-25 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-27426 | 2024-05-25 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-27425 | 2024-05-25 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-27424 | 2024-05-25 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-27423 | 2024-05-25 | 5.5 Medium | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |