Total
1295 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28917 | | | 2024-04-10 | N/A | 6.2 MEDIUM |
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | |||||
CVE-2024-28922 | | | 2024-04-10 | N/A | 4.1 MEDIUM |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26234 | | | 2024-04-10 | N/A | 6.7 MEDIUM |
Proxy Driver Spoofing Vulnerability | |||||
CVE-2024-29993 | | | 2024-04-10 | N/A | 8.8 HIGH |
Azure CycleCloud Elevation of Privilege Vulnerability | |||||
CVE-2024-29054 | | | 2024-04-10 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2024-21424 | | | 2024-04-10 | N/A | 6.5 MEDIUM |
Azure Compute Gallery Elevation of Privilege Vulnerability | |||||
CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 6.5 MEDIUM |
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | |||||
CVE-2023-1083 | | | 2024-04-09 | N/A | 9.8 CRITICAL |
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | |||||
CVE-2024-2447 | | | 2024-04-05 | N/A | 6.5 MEDIUM |
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action. | |||||
CVE-2024-29221 | | | 2024-04-05 | N/A | 4.7 MEDIUM |
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins. | |||||
CVE-2024-21848 | | | 2024-04-05 | N/A | 3.1 LOW |
Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel. | |||||
CVE-2024-31207 | | | 2024-04-04 | N/A | 5.9 MEDIUM |
Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience. `server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18. | |||||
CVE-2024-2759 | | | 2024-04-04 | N/A | N/A |
Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication. This issue affects Apaczka plugin for PrestaShop from v1 through v4. | |||||
CVE-2024-20302 | | | 2024-04-03 | N/A | 5.4 MEDIUM |
A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic. | |||||
CVE-2024-20283 | | | 2024-04-03 | N/A | 4.3 MEDIUM |
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster. | |||||
CVE-2016-8399 | 1 Linux | 1 Linux Kernel | 2024-04-02 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. | |||||
CVE-2024-28016 | | | 2024-04-02 | N/A | N/A |
Improper Access Control vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows an attacker to get device information via the internet. | |||||
CVE-2024-25962 | | | 2024-03-27 | N/A | 8.3 HIGH |
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | |||||
CVE-2022-32257 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-03-25 | N/A | 9.8 CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. | |||||
CVE-2024-24693 | 1 Zoom | 1 Rooms | 2024-03-22 | N/A | 5.5 MEDIUM |
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. |