Total
26023 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22506 | 1 Microfocus | 1 Access Manager | 2024-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. | |||||
| CVE-2021-1870 | 3 Apple, Fedoraproject, Webkitgtk | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2024-07-26 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-1871 | 3 Apple, Debian, Fedoraproject | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2024-07-26 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2020-0878 | 1 Microsoft | 19 Chakracore, Edge, Internet Explorer and 16 more | 2024-07-26 | 5.1 MEDIUM | 4.2 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p> | |||||
| CVE-2021-36948 | 1 Microsoft | 8 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 5 more | 2024-07-26 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Update Medic Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-07-26 | N/A | 9.8 CRITICAL |
| Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | |||||
| CVE-2023-7271 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
| Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
| Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-39674 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
| Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-39673 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 7.1 HIGH |
| Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-39672 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 7.1 HIGH |
| Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | |||||
| CVE-2021-26858 | 1 Microsoft | 1 Exchange Server | 2024-07-25 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2024-31970 | 1 Adtran | 2 834-5, Sdg Smartos | 2024-07-25 | N/A | 8.8 HIGH |
| AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. | |||||
| CVE-2024-40575 | 1 Huawei | 1 Opengauss | 2024-07-25 | N/A | 5.5 MEDIUM |
| An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes | |||||
| CVE-2021-27085 | 1 Microsoft | 7 Internet Explorer, Windows 10 1803, Windows 10 1809 and 4 more | 2024-07-25 | 7.6 HIGH | 8.8 HIGH |
| Internet Explorer Remote Code Execution Vulnerability | |||||
| CVE-2021-27059 | 1 Microsoft | 1 Office | 2024-07-25 | 8.5 HIGH | 7.6 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2019-0808 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-07-25 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797. | |||||
| CVE-2024-5973 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-07-25 | N/A | 8.8 HIGH |
| The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have. | |||||
| CVE-2024-37391 | 2 Microsoft, Proton | 2 Windows, Protonvpn | 2024-07-25 | N/A | 9.8 CRITICAL |
| ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. | |||||
| CVE-2018-20062 | 1 5none | 1 Nonecms | 2024-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. | |||||