CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-20339 A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of serv... | 8.6 | HIGH | — | 0 |
| CVE-2024-20342 Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate lim... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20351 A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remo... | 8.6 | HIGH | — | 0 |
| CVE-2024-20374 A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote att... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-20384 A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote ... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20407 A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker t... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20408 A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote ... | 7.7 | HIGH | — | 0 |
| CVE-2024-20494 A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attac... | 8.6 | HIGH | — | 0 |
| CVE-2024-20495 A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker t... | 8.6 | HIGH | — | 0 |
| CVE-2024-44098 In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution p... | 7.4 | HIGH | — | 0 |
| CVE-2024-47013 In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileg... | 7.8 | HIGH | — | 0 |
| CVE-2024-47014 Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. | 8.8 | HIGH | — | 0 |
| CVE-2024-47015 In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with b... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-47016 there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need... | 7.8 | HIGH | — | 0 |
| CVE-2024-47030 Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. | 5.1 | MEDIUM | — | 0 |
| CVE-2024-47031 Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. | 7.4 | HIGH | — | 0 |
| CVE-2024-10455 Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block | 7.5 | HIGH | — | 0 |
| CVE-2024-9632 A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload... | 7.8 | HIGH | — | 0 |
| CVE-2024-43382 Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provide... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-37119 Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator Pro: from n/a thro... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-37470 Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woffice Core: from n/a through 5.4.8. | 8.2 | HIGH | — | 0 |
| CVE-2024-43223 Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.0.3.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10114 The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being retur... | 8.1 | HIGH | — | 0 |
| CVE-2024-7995 A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitat... | 7.8 | HIGH | — | 0 |
| CVE-2024-20457 A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive informa... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-47684 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-20504 A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, rem... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-20511 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-20514 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-20536 A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to e... | 8.8 | HIGH | — | 0 |
| CVE-2024-20540 A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a st... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-47685 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-43426 A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed. | 7.5 | HIGH | — | 0 |
| CVE-2024-43436 A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators. | 7.2 | HIGH | — | 0 |
| CVE-2024-43438 A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report. | 7.5 | HIGH | — | 0 |
| CVE-2024-46954 An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. | 7.8 | HIGH | — | 0 |
| CVE-2024-46891 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenti... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-20871 A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote a... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-46894 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-8534 Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR t... | 8.1 | HIGH | — | 0 |
| CVE-2024-8535 Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount... | 8.1 | HIGH | — | 0 |
| CVE-2023-4458 A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the e... | 4.0 | MEDIUM | — | 0 |
| CVE-2024-7730 A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit t... | 7.4 | HIGH | — | 0 |
| CVE-2022-20931 A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the softw... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-20154 A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vuln... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-20373 A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthentic... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-20626 A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a us... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20631 A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. ... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-20634 A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to impro... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-1491 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the d... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.