Total: 9146 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-13110 | | | 2025-01-02 | 4.3 Medium |
A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7319 | 2 Openstack, Redhat | 3 Heat, Openstack, Openstack Platform | 2025-01-02 | 5 Medium |
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. | ||||
CVE-2023-35636 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-01 | 6.5 Medium |
Microsoft Outlook Information Disclosure Vulnerability | ||||
CVE-2023-35625 | 1 Microsoft | 1 Azure Machine Learning Software Development Kit | 2025-01-01 | 4.7 Medium |
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | ||||
CVE-2023-36043 | 1 Microsoft | 1 System Center Operations Manager | 2025-01-01 | 6.5 Medium |
Open Management Infrastructure Information Disclosure Vulnerability | ||||
CVE-2023-29348 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-01 | 7.5 High |
Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | ||||
CVE-2023-35391 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2025-01-01 | 6.2 Medium |
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | ||||
CVE-2023-36908 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 6.5 Medium |
Windows Hyper-V Information Disclosure Vulnerability | ||||
CVE-2023-33174 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 5.5 Medium |
Windows Cryptographic Information Disclosure Vulnerability | ||||
CVE-2024-26177 | 1 Microsoft | 7 Windows 10 1507, Windows 10 1607, Windows 11 23h2 and 4 more | 2024-12-31 | 5.5 Medium |
Windows Kernel Information Disclosure Vulnerability | ||||
CVE-2024-37325 | 1 Microsoft | 1 Azure Data Science Virtual Machine | 2024-12-31 | 8.1 High |
Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | ||||
CVE-2024-35263 | 1 Microsoft | 1 Dynamics 365 | 2024-12-31 | 5.7 Medium |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
CVE-2024-30096 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-12-31 | 5.5 Medium |
Windows Cryptographic Services Information Disclosure Vulnerability | ||||
CVE-2024-21380 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-12-31 | 8 High |
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | ||||
CVE-2024-21320 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-31 | 6.5 Medium |
Windows Themes Spoofing Vulnerability | ||||
CVE-2024-47922 | | | 2024-12-30 | 7.5 High |
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
CVE-2024-47923 | | | 2024-12-30 | 5.3 Medium |
Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
CVE-2024-56509 | | | 2024-12-27 | 8.6 High |
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd or file: ///etc/passwd can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in a previous patch, it is still insufficient. This vulnerability is fixed in 0.48.05. | ||||
CVE-2017-7923 | 1 Hikvision | 116 Ds-2cd2032-i, Ds-2cd2032-i Firmware, Ds-2cd2112-i and 113 more | 2024-12-27 | N/A |
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. | ||||
CVE-2024-45805 | | | 2024-12-27 | 4.3 Medium |
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0. |