Skip to main content
CVE-2024-20787 MEDIUM This Month

Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-9470 MEDIUM This Month

A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9671 MEDIUM This Month

A vulnerability was found in 3Scale. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Scale Api Management Platform
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-9473 MEDIUM This Month

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Microsoft Globalprotect
NVD
CVSS 4.0
5.2
EPSS
0.3%
CVE-2024-9471 MEDIUM This Month

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-42934 MEDIUM This Month

OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass RCE Denial Of Service
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-46870 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. Rated medium severity (CVSS 4.7).

Linux Information Disclosure Race Condition Amd Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-47660 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-47668 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-39440 MEDIUM This Month

In DRM service, there is a possible system crash due to null pointer dereference. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39439 MEDIUM This Month

In DRM service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-38815 MEDIUM This Month

VMware NSX contains a content spoofing vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS VMware
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42988 MEDIUM This Month

Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-39586 MEDIUM This Month

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell XXE Emc Appsync
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-47813 LOW PATCH Monitor

Wasmtime is an open source runtime for WebAssembly. Rated low severity (CVSS 2.9). No vendor patch available.

Information Disclosure Wasmtime
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy