Latest CVE Feed
-
4.1
MEDIUMCVE-2024-52514
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwa... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
4.6
MEDIUMCVE-2024-23169
The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation.... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
6.5
MEDIUMCVE-2024-11251
A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads ... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
6.7
MEDIUMCVE-2021-34752
A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vu... Read more
Affected Products : firepower_threat_defense- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.3
MEDIUMCVE-2024-24450
Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
4.3
MEDIUMCVE-2024-3334
A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby comprom... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
9.3
CRITICALCVE-2024-52528
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions.... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
2.4
LOWCVE-2024-46383
Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.3
MEDIUMCVE-2024-24447
A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list.... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.7
MEDIUMCVE-2024-52515
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.7
MEDIUMCVE-2024-52520
Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server ... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
6.5
MEDIUMCVE-2022-20652
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system.... Read more
Affected Products : secure_workload- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
8.1
HIGHCVE-2022-20649
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulner... Read more
Affected Products : redundancy_configuration_manager- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.3
MEDIUMCVE-2022-20648
A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted. This... Read more
Affected Products : redundancy_configuration_manager- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
2.6
LOWCVE-2024-52513
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommende... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
8.8
HIGHCVE-2022-20655
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affect... Read more
- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
7.7
HIGHCVE-2024-0793
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.... Read more
Affected Products : kubernetes- Published: Nov. 17, 2024
- Modified: Nov. 18, 2024
-
8.7
HIGHCVE-2024-8781
Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188.... Read more
Affected Products :- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
6.5
MEDIUMCVE-2021-1379
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a relo... Read more
Affected Products :- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
5.3
MEDIUMCVE-2024-52386
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classi... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024