CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-38233 Windows Networking Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-38234 Windows Networking Denial of Service Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2024-38235 Windows Hyper-V Denial of Service Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2024-38236 DHCP Server Service Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-38237 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-38238 Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-38239 Windows Kerberos Elevation of Privilege Vulnerability | 7.2 | HIGH | — | 0 |
| CVE-2024-38240 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2024-38241 Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-38242 Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-38243 Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-38244 Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-38245 Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-38246 Win32k Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2024-48778 An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-8306 CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated us... | 7.8 | HIGH | — | 0 |
| CVE-2024-39378 Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... | 7.8 | HIGH | — | 0 |
| CVE-2024-41868 Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to byp... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44466 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44851 A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Conte... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-45012 In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on s... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-8707 A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/cont... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-45013 In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") move... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-45014 In the Linux kernel, the following vulnerability has been resolved: s390/boot: Avoid possible physmem_info segment corruption When physical memory for the kernel image is allocated it does not consi... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-45015 In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set with... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-45017 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-8711 A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/.... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-45020 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Furthe... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-45023 In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possi... | 7.1 | HIGH | — | 0 |
| CVE-2024-45024 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb vs. core-mm PT locking We recently made GUP's common page table walking code to also walk hugetlb VMAs wit... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-45030 In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-3163 The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | 4.3 | MEDIUM | — | 0 |
| CVE-2024-46672 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in th... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-5760 The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the ap... | 7.8 | HIGH | — | 0 |
| CVE-2024-7312 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-8097 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log. This iss... | N/A | NONE | — | 0 |
| CVE-2024-8689 A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. | N/A | NONE | — | 0 |
| CVE-2024-44541 evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8693 A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulat... | 2.4 | LOW | — | 0 |
| CVE-2024-5799 The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripti... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-29847 Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32840 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-32842 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-32843 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-32845 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-32846 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-32848 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-34779 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-34783 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
| CVE-2024-34785 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.