The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-30274 | Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 16, 2024 |
| CVE-2024-30060 | Azure Monitor Agent Elevation of Privilege Vulnerability | -- | May 16, 2024 |
| CVE-2024-27260 | IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | -- | May 16, 2024 |
| CVE-2024-27244 | Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-27243 | Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access. | -- | May 16, 2024 |
| CVE-2024-24981 | Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-23980 | Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-23487 | Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-22476 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. | -- | May 16, 2024 |
| CVE-2024-22390 | Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service. | -- | May 16, 2024 |
| CVE-2024-22384 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. | -- | May 16, 2024 |
| CVE-2024-22382 | Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-22379 | Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-22095 | Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-22015 | Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access. | -- | May 16, 2024 |
| CVE-2024-21864 | Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access. | -- | May 16, 2024 |
| CVE-2024-21862 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21861 | Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21843 | Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21841 | Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21837 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21835 | Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21831 | Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21828 | Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21823 | Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2024-21818 | Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21814 | Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21813 | Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21809 | Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21792 | Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. | -- | May 16, 2024 |
| CVE-2024-21788 | Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21777 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21774 | Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-21772 | Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2024-20793 | Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 16, 2024 |
| CVE-2024-20792 | Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 16, 2024 |
| CVE-2024-20791 | Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | May 16, 2024 |
| CVE-2024-20389 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user. | -- | May 16, 2024 |
| CVE-2024-20326 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user. | -- | May 16, 2024 |
| CVE-2024-5023 | Improper Neutralization of Special Elements used in a Command (\'Command Injection\') vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0. | -- | May 16, 2024 |
| CVE-2024-4999 | A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352. | -- | May 16, 2024 |
| CVE-2024-4993 | Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials. | -- | May 16, 2024 |
| CVE-2024-4992 | Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it. | -- | May 16, 2024 |
| CVE-2024-4991 | Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it. | -- | May 16, 2024 |
| CVE-2024-4984 | The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | May 16, 2024 |
| CVE-2024-4976 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference. | -- | May 16, 2024 |
| CVE-2024-4956 | Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. | -- | May 16, 2024 |
| CVE-2024-4950 | Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | -- | May 16, 2024 |
| CVE-2024-4949 | Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | -- | May 16, 2024 |
| CVE-2024-4948 | Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | -- | May 16, 2024 |
