Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    CVSS30
    CVE-2024-12831

    Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 8.1

    CVSS30
    CVE-2024-12830

    Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.2

    CVSS30
    CVE-2024-12829

    Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vuln... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 0.0

    NONE
    CVE-2024-54663

    An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 4.0

    CVSS31
    CVE-2024-54009

    Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 8.8

    CVSS31
    CVE-2024-12700

    There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-54984

    An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-54983

    An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-54982

    An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 8.8

    CVSS31
    CVE-2024-12729

    A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).... Read more

    Affected Products : firewall
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-2201

    A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.... Read more

    Affected Products : xen
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CVSS31
    CVE-2024-12728

    A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).... Read more

    Affected Products : firewall
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CVSS31
    CVE-2024-12727

    A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchang... Read more

    Affected Products : firewall
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-12175

    Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage ... Read more

    Affected Products : arena
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-11364

    Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat ac... Read more

    Affected Products : arena
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-11157

    A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code... Read more

    Affected Products : arena
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    CVSS31
    CVE-2024-7139

    Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service.  If a watchdog timer is not enabled, a hard reset is required to rec... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    CVSS31
    CVE-2024-7138

    An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    CVSS31
    CVE-2024-7137

    The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed d... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.5

    CVSS31
    CVE-2024-53991

    Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the D... Read more

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
Showing 20 of 155 Results
© cvefeed.io
Latest DB Update: Dec. 21, 2024 17:56