Total
9840 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21315 | 2024-04-11 | N/A | 7.8 HIGH | ||
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | |||||
CVE-2024-21312 | 1 Microsoft | 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more | 2024-04-11 | N/A | 7.5 HIGH |
.NET Framework Denial of Service Vulnerability | |||||
CVE-2024-20684 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-04-11 | N/A | 6.5 MEDIUM |
Windows Hyper-V Denial of Service Vulnerability | |||||
CVE-2024-0057 | 1 Microsoft | 17 .net, .net Framework, Powershell and 14 more | 2024-04-11 | N/A | 9.8 CRITICAL |
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | |||||
CVE-2024-0218 | 2024-04-10 | N/A | 7.5 HIGH | ||
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted. | |||||
CVE-2024-3385 | 2024-04-10 | N/A | 7.5 HIGH | ||
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls | |||||
CVE-2024-3101 | 2024-04-10 | N/A | 6.7 MEDIUM | ||
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access. | |||||
CVE-2024-20670 | 2024-04-10 | N/A | 8.1 HIGH | ||
Outlook for Windows Spoofing Vulnerability | |||||
CVE-2024-26253 | 2024-04-10 | N/A | 6.8 MEDIUM | ||
Windows rndismp6.sys Remote Code Execution Vulnerability | |||||
CVE-2024-28897 | 2024-04-10 | N/A | 6.8 MEDIUM | ||
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26189 | 2024-04-10 | N/A | 8.0 HIGH | ||
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-25116 | 2024-04-10 | N/A | 5.5 MEDIUM | ||
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | |||||
CVE-2024-26240 | 2024-04-10 | N/A | 8.0 HIGH | ||
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-21507 | 2024-04-10 | N/A | 6.5 MEDIUM | ||
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | |||||
CVE-2024-20758 | 2024-04-10 | N/A | 9.0 CRITICAL | ||
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. | |||||
CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-04-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. | |||||
CVE-2018-7761 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-04-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. | |||||
CVE-2021-22787 | 1 Schneider-electric | 28 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 25 more | 2024-04-10 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | |||||
CVE-2024-29946 | 1 Splunk | 1 Splunk | 2024-04-10 | N/A | 8.1 HIGH |
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. | |||||
CVE-2024-23678 | 1 Splunk | 1 Splunk | 2024-04-10 | N/A | 8.8 HIGH |
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. |