Total
2821 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34112 | 2024-08-02 | 7.5 High | ||
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-33898 | 2024-08-02 | 9.8 Critical | ||
| Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2024-33666 | 1 Zimmad | 1 Zimmad | 2024-08-02 | 8.6 High |
| An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents. | ||||
| CVE-2024-33647 | 1 Siemens | 1 Polarion | 2024-08-02 | 6.5 Medium |
| A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects. | ||||
| CVE-2024-33393 | 1 Spidernet-io | 1 Spiderpool | 2024-08-02 | 6.2 Medium |
| An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | ||||
| CVE-2024-33396 | 1 Karmada-io | 1 Karmada | 2024-08-02 | 8.4 High |
| An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | ||||
| CVE-2024-33260 | 1 Jerryscript | 1 Jerryscript | 2024-08-02 | 5.1 Medium |
| Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c | ||||
| CVE-2024-32969 | 2024-08-02 | 2.7 Low | ||
| vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3. | ||||
| CVE-2024-32973 | 2024-08-02 | 4.8 Medium | ||
| Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session. This results in the HTTP library and socket.starttls providing less transport integrity than expected. This issue has been patched in pull request #851 which has been included in version 0.9.3. Users are advised to upgrade. there are no known workarounds for this vulnerability. | ||||
| CVE-2024-32418 | 1 Flusity | 1 Flusity | 2024-08-02 | 9.8 Critical |
| An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. | ||||
| CVE-2024-32045 | 2024-08-02 | 5.9 Medium | ||
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members of. | ||||
| CVE-2024-31964 | 1 Mitel | 3 6800 Series Sip Phones, 6900w Series Sip Phone, 6970 Conference Unit | 2024-08-02 | 7.5 High |
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service. | ||||
| CVE-2024-31846 | 2024-08-02 | 7.5 High | ||
| An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||||
| CVE-2024-31967 | 1 Mitel | 3 6800 Series Sip Phones, 6900 Series Sip Phones, 6970 Conference Unit | 2024-08-02 | 9.1 Critical |
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration. | ||||
| CVE-2024-31859 | 2024-08-02 | 4.3 Medium | ||
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin | ||||
| CVE-2024-31682 | 2024-08-02 | 9.8 Critical | ||
| Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API. | ||||
| CVE-2024-31320 | 2024-08-02 | 7.4 High | ||
| In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31207 | 2024-08-02 | 5.9 Medium | ||
| Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18. | ||||
| CVE-2024-30107 | 1 Hcltech | 1 Connections | 2024-08-02 | 3.5 Low |
| HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. | ||||
| CVE-2024-30059 | 1 Microsoft | 1 Intune Mobile Application Management For Android | 2024-08-02 | 6.1 Medium |
| Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | ||||