Total
4871 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13110 | 2025-01-02 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-21751 | 1 Microsoft | 1 Azure Devops Server | 2025-01-01 | 6.5 Medium |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2023-36889 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 5.5 Medium |
| Windows Group Policy Security Feature Bypass Vulnerability | ||||
| CVE-2023-33155 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-01-01 | 7.8 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-32009 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-01-01 | 8.8 High |
| Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | ||||
| CVE-2023-21777 | 1 Microsoft | 2 Azure App Service On Azure Stack, Azure Stack Hub | 2025-01-01 | 8.7 High |
| Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2023-21752 | 1 Microsoft | 11 Windows 10, Windows 10 1507, Windows 10 1607 and 8 more | 2025-01-01 | 7.1 High |
| Windows Backup Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-21750 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-01-01 | 7.1 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-21531 | 1 Microsoft | 1 Azure Service Fabric | 2025-01-01 | 7 High |
| Azure Service Fabric Container Elevation of Privilege Vulnerability | ||||
| CVE-2024-38016 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-12-31 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2024-43479 | 1 Microsoft | 2 Power Automate, Power Automate For Desktop | 2024-12-31 | 8.5 High |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | ||||
| CVE-2024-37341 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2024-12-31 | 8.8 High |
| Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
| CVE-2024-43492 | 1 Microsoft | 1 Autoupdate | 2024-12-31 | 7.8 High |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | ||||
| CVE-2024-38220 | 1 Microsoft | 1 Azure Stack Hub | 2024-12-31 | 9 Critical |
| Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2024-0104 | 1 Nvidia | 8 Mga100-hs2, Mlnx-gw, Mlnx-os and 5 more | 2024-12-26 | 4.2 Medium |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | ||||
| CVE-2020-3503 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2024-12-19 | 6 Medium |
| A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. | ||||
| CVE-2023-28809 | 1 Hikvision | 52 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 49 more | 2024-12-18 | 7.5 High |
| Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user. | ||||
| CVE-2024-31320 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-34725 | 1 Google | 1 Android | 2024-12-17 | 7.0 High |
| In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-0025 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||