Total
2799 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43813 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 4.3 Medium |
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user. | ||||
CVE-2024-8071 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 4.7 Medium |
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. member) to include the `manage_system` permission, effectively becoming a System Admin. | ||||
CVE-2024-29977 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 2.7 Low |
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts | ||||
CVE-2024-36492 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 7.4 High |
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user. | ||||
CVE-2024-39274 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 8.7 High |
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels | ||||
CVE-2024-39777 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 8.7 High |
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local channel will then become shared without the consent of the local admin. | ||||
CVE-2024-28390 | 2024-08-22 | 9.8 Critical | ||
An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. | ||||
CVE-2024-31759 | 2024-08-22 | 8.8 High | ||
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. | ||||
CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-08-22 | 6.7 Medium |
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | ||||
CVE-2024-2314 | 2024-08-22 | 2.8 Low | ||
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. | ||||
CVE-2024-2217 | 2024-08-22 | N/A | ||
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | ||||
CVE-2024-30418 | 2024-08-22 | 7.5 High | ||
Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-2412 | 2024-08-22 | 5.3 Medium | ||
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled. | ||||
CVE-2024-36505 | 1 Fortinet | 1 Fortios | 2024-08-22 | 4.7 Medium |
An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system. | ||||
CVE-2023-42945 | 2024-08-22 | 9.1 Critical | ||
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth. | ||||
CVE-2023-25777 | 2024-08-22 | 7.9 High | ||
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-6259 | 2024-08-22 | 7.1 High | ||
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3. | ||||
CVE-2023-39244 | 2024-08-22 | 7.3 High | ||
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | ||||
CVE-2024-27187 | 1 Joomla | 1 Joomla\! | 2024-08-22 | 7.5 High |
Improper Access Controls allows backend users to overwrite their username when disallowed. | ||||
CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2024-08-21 | 9.8 Critical |
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. |