Total
29062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39772 | 1 Mattermost | 1 Mattermost Server | 2024-09-17 | 3.7 Low |
| Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. | ||||
| CVE-2024-42033 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-17 | 6.9 Medium |
| Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2024-44945 | 1 Linux | 1 Linux Kernel | 2024-09-17 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END. | ||||
| CVE-2024-39418 | 1 Adobe | 2 Commerce, Magento | 2024-09-17 | 5.4 Medium |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-39411 | 1 Adobe | 2 Commerce, Magento | 2024-09-17 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-39407 | 1 Adobe | 2 Commerce, Magento | 2024-09-17 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-39405 | 1 Adobe | 2 Commerce, Magento | 2024-09-17 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-25153 | 1 Itarian | 1 Endpoint Manager Communication Client | 2024-09-17 | 7.8 High |
| The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. | ||||
| CVE-2022-25152 | 1 Itarian | 2 On-premise, Saas Service Desk | 2024-09-17 | 9.9 Critical |
| The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. | ||||
| CVE-2018-0809 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-09-17 | N/A |
| The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0820 and CVE-2018-0843. | ||||
| CVE-2020-12027 | 1 Rockwellautomation | 1 Factorytalk View | 2024-09-17 | 4.3 Medium |
| All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. | ||||
| CVE-2020-4475 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-17 | 6.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2017-1350 | 1 Ibm | 1 Infosphere Information Server | 2024-09-17 | N/A |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. | ||||
| CVE-2010-2707 | 1 Hp | 5 Procurve Switch 2626, Procurve Switch 2626-pwr, Procurve Switch 2650 and 2 more | 2024-09-17 | N/A |
| Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. | ||||
| CVE-2017-5822 | 1 Hp | 1 Intelligent Management Center | 2024-09-17 | N/A |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||||
| CVE-2009-0627 | 1 Cisco | 3 Nexus 5000, Nexus 7000, Nx-os | 2024-09-17 | N/A |
| Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. | ||||
| CVE-2017-8733 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2024-09-17 | N/A |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". | ||||
| CVE-2017-2650 | 1 Jenkins | 1 Pipeline Classpath Step | 2024-09-17 | N/A |
| It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins. | ||||
| CVE-2020-7754 | 2 Npmjs, Redhat | 3 Npm-user-validate, Enterprise Linux, Rhel Software Collections | 2024-09-17 | 7.5 High |
| This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. | ||||
| CVE-2020-4499 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-09-17 | 9.8 Critical |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. | ||||