Total
2821 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22209 | 1 Edx | 1 Edx-platform | 2024-08-01 | 6.4 Medium |
| Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f. | ||||
| CVE-2024-22206 | 1 Clerk | 1 Javascript | 2024-08-01 | 9.1 Critical |
| Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | ||||
| CVE-2024-22020 | 1 Redhat | 1 Enterprise Linux | 2024-08-01 | 6.5 Medium |
| A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers. | ||||
| CVE-2024-21848 | 2024-08-01 | 3.1 Low | ||
| Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel | ||||
| CVE-2024-21828 | 2024-08-01 | 6.7 Medium | ||
| Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21667 | 1 Pimcore | 1 Customer Management Framework | 2024-08-01 | 6.5 Medium |
| pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6. | ||||
| CVE-2024-21644 | 1 Pyload | 1 Pyload | 2024-08-01 | 7.5 High |
| pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77. | ||||
| CVE-2024-21740 | 1 Artery | 2 At32f415cbt7, At32f421c8t7 | 2024-08-01 | 7.4 High |
| Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control. | ||||
| CVE-2024-21665 | 1 Pimcore | 1 E-commerce Framework | 2024-08-01 | 4.3 Medium |
| ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10. | ||||
| CVE-2024-21741 | 1 Gigadevice | 1 Gd32e103c8t6 | 2024-08-01 | 9.8 Critical |
| GigaDevice GD32E103C8T6 devices have Incorrect Access Control. | ||||
| CVE-2024-21666 | 1 Pimcore | 1 Customer Management Framework | 2024-08-01 | 6.5 Medium |
| The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6. | ||||
| CVE-2024-21589 | 1 Juniper | 1 Paragon Active Assurance Control Center | 2024-08-01 | 7.4 High |
| An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0. | ||||
| CVE-2024-21424 | 1 Microsoft | 1 Azure Compute Gallery | 2024-08-01 | 6.5 Medium |
| Azure Compute Gallery Elevation of Privilege Vulnerability | ||||
| CVE-2024-21436 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-08-01 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-21376 | 1 Microsoft | 2 Azure Kubernetes Service, Azure Kubernetes Service Confidential Containers | 2024-08-01 | 9 Critical |
| Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | ||||
| CVE-2024-21364 | 1 Microsoft | 2 Azure Active Site Recovery, Azure Site Recovery | 2024-08-01 | 9.3 Critical |
| Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | ||||
| CVE-2024-21401 | 1 Microsoft | 1 Entra Jira Sso Plugin | 2024-08-01 | 9.8 Critical |
| Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | ||||
| CVE-2024-21169 | 2024-08-01 | 6.5 Medium | ||
| Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2024-21153 | 2024-08-01 | 8.1 High | ||
| Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). The supported version that is affected is 12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2024-21074 | 1 Oracle | 1 Trade Management | 2024-08-01 | 7.5 High |
| Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||