Export limit exceeded: 35283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35283 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38301 | 1 Dell | 1 Alienware Command Center | 2024-11-21 | 6.7 Medium |
| Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure. | ||||
| CVE-2024-37999 | 1 Siemens | 1 Medicalis Workflow Orchestrator | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. | ||||
| CVE-2024-37884 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3. | ||||
| CVE-2024-37883 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.3 Medium |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1. | ||||
| CVE-2024-37769 | 1 B1ackc4t | 1 14finger | 2024-11-21 | 8.8 High |
| Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. | ||||
| CVE-2024-37346 | 1 Absolute | 1 Secure Access | 2024-11-21 | 4.9 Medium |
| There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high. | ||||
| CVE-2024-37316 | 1 Nextcloud | 1 Calendar | 2024-11-21 | 4.6 Medium |
| Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2. | ||||
| CVE-2024-37315 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3. | ||||
| CVE-2024-37182 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 4.7 Medium |
| Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes. | ||||
| CVE-2024-37139 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | 6.5 Medium |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application. | ||||
| CVE-2024-37107 | 1 Wishlistmember | 1 Wishlist Member X | 2024-11-21 | 8.8 High |
| Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7. | ||||
| CVE-2024-37084 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-11-21 | 9.8 Critical |
| In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server | ||||
| CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-11-21 | 8.8 High |
| Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | ||||
| CVE-2024-36501 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.6 Medium |
| Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | ||||
| CVE-2024-36500 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.8 High |
| Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-36499 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.8 Medium |
| Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-36287 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-11-21 | 3.8 Low |
| Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | ||||
| CVE-2024-36122 | 1 Discourse | 1 Discourse | 2024-11-21 | 2.4 Low |
| Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue. | ||||
| CVE-2024-35776 | 1 Exeebit | 1 Phpinfo-wp | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through 5.0. | ||||
| CVE-2024-35178 | 2 Jupyter, Microsoft | 2 Jupyter Server, Windows | 2024-11-21 | 7.5 High |
| The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1. | ||||