CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-11007 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated at... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-43415 An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipula... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-47905 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a ... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-47907 A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2024-47909 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a ... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-50317 A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2024-50321 An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2024-50322 Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction ... | 7.8 | HIGH | — | 0 |
| CVE-2024-50323 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction i... | 7.8 | HIGH | — | 0 |
| CVE-2024-50324 Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code ... | 7.2 | HIGH | — | 0 |
| CVE-2024-52296 libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50326 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code e... | 7.2 | HIGH | — | 0 |
| CVE-2024-50327 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code e... | 7.2 | HIGH | — | 0 |
| CVE-2024-50328 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code e... | 7.2 | HIGH | — | 0 |
| CVE-2024-50329 Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User inte... | 8.8 | HIGH | — | 0 |
| CVE-2024-10943 An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-10944 A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of... | 8.4 | HIGH | — | 0 |
| CVE-2024-10945 A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a fa... | 7.3 | HIGH | — | 0 |
| CVE-2024-49514 Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current... | 7.8 | HIGH | — | 0 |
| CVE-2024-49521 Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this ... | 7.7 | HIGH | — | 0 |
| CVE-2024-49526 Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue ... | 7.8 | HIGH | — | 0 |
| CVE-2024-49527 Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypa... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-47427 Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of... | 7.8 | HIGH | — | 0 |
| CVE-2024-49528 Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this ... | 7.8 | HIGH | — | 0 |
| CVE-2024-51749 Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. ... | 3.5 | LOW | — | 0 |
| CVE-2024-51750 Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messag... | 5.0 | MEDIUM | — | 0 |
| CVE-2024-52010 Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on t... | N/A | NONE | — | 0 |
| CVE-2024-9999 In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in wit... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-21949 Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-21974 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | 8.8 | HIGH | — | 0 |
| CVE-2024-21975 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | 8.8 | HIGH | — | 0 |
| CVE-2024-38203 Windows Package Library Manager Information Disclosure Vulnerability | 6.2 | MEDIUM | — | 0 |
| CVE-2024-38255 SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-38264 Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | 5.9 | MEDIUM | — | 0 |
| CVE-2024-43447 Windows SMBv3 Server Remote Code Execution Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2024-43449 Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 | MEDIUM | — | 0 |
| CVE-2024-43450 Windows DNS Spoofing Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-43452 Windows Registry Elevation of Privilege Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-28881 Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2024-43459 SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-43462 SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-43498 .NET and Visual Studio Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2024-43499 .NET and Visual Studio Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-43530 Windows Update Stack Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-43598 LightGBM Remote Code Execution Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2024-43602 Azure CycleCloud Remote Code Execution Vulnerability | 9.9 | CRITICAL | — | 0 |
| CVE-2024-43620 Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-43621 Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-43622 Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-43623 Windows NT OS Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.