Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-42377 SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low im... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-39591 SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. | 4.3 | MEDIUM | β | 0 |
| CVE-2024-41734 Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-42373 SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could al... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-38688 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-43775 SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter. | 8.8 | HIGH | β | 0 |
| CVE-2024-43138 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event M... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-43140 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ult... | 7.5 | HIGH | β | 0 |
| CVE-2024-7733 A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site... | 3.5 | LOW | β | 0 |
| CVE-2024-7569 An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug informatio... | 9.6 | CRITICAL | β | 0 |
| CVE-2024-7570 Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as ... | 8.3 | HIGH | β | 0 |
| CVE-2024-38483 Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading t... | 5.8 | MEDIUM | β | 0 |
| CVE-2024-23489 Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-43776 SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. | 8.8 | HIGH | β | 0 |
| CVE-2024-23491 Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-23495 Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-23497 Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of priv... | 8.8 | HIGH | β | 0 |
| CVE-2024-23499 Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially en... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-23907 Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-23908 Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via loc... | 6.7 | MEDIUM | β | 0 |
| CVE-2024-23909 Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-23981 Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privil... | 8.8 | HIGH | β | 0 |
| CVE-2024-6919 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPre... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25562 Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.8 | MEDIUM | β | 0 |
| CVE-2024-25576 improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | 7.9 | HIGH | β | 0 |
| CVE-2024-26022 Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | β | 0 |
| CVE-2024-26025 Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-26027 Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-27461 Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. | 5.6 | MEDIUM | β | 0 |
| CVE-2024-28046 Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-28050 Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | 5.0 | MEDIUM | β | 0 |
| CVE-2024-28172 Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-28876 Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-28887 Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-28947 Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privile... | 8.2 | HIGH | β | 0 |
| CVE-2024-29015 Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-34163 Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access. | 7.5 | HIGH | β | 0 |
| CVE-2024-34127 InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-34134 Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to by... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-41856 Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.... | 7.8 | HIGH | β | 0 |
| CVE-2024-28799 IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurat... | 5.6 | MEDIUM | β | 0 |
| CVE-2023-50315 IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-39818 Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | 7.5 | HIGH | β | 0 |
| CVE-2024-39822 Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-39825 Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. | 8.5 | HIGH | β | 0 |
| CVE-2024-42435 Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | 4.9 | MEDIUM | β | 0 |
| CVE-2024-42436 Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-42437 Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-42941 Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) ... | 7.5 | HIGH | β | 0 |
| CVE-2024-42438 Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.