Total
2800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25830 | 2024-08-13 | 9.8 Critical | ||
| F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | ||||
| CVE-2024-36535 | 2024-08-13 | 9.8 Critical | ||
| Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2024-1343 | 2024-08-13 | 4.7 Medium | ||
| A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'. | ||||
| CVE-2024-37742 | 1 Ethz | 1 Safe Exam Browser | 2024-08-13 | 8.2 High |
| Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams. | ||||
| CVE-2024-21767 | 2024-08-12 | 9.4 Critical | ||
| A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request. | ||||
| CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2024-08-12 | 6.5 Medium |
| In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | ||||
| CVE-2024-21418 | 1 Microsoft | 1 Azure Software For Open Networking In The Cloud | 2024-08-12 | 7.8 High |
| Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | ||||
| CVE-2024-7525 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-08-12 | 9.1 Critical |
| It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | ||||
| CVE-2024-42354 | 1 Shopware | 1 Shopware | 2024-08-12 | 5.3 Medium |
| Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not considered ManyToMany associations and so they were not considered properly and the protections didn't get used. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | ||||
| CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2024-08-12 | 7.3 High |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | ||||
| CVE-2024-3279 | 1 Mintplexlabs | 1 Anythingllm | 2024-08-12 | N/A |
| An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properly restrict access to the data-import functionality, allowing unauthorized database manipulation. | ||||
| CVE-2024-1942 | 2024-08-12 | 4.3 Medium | ||
| Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of. | ||||
| CVE-2023-39941 | 2024-08-09 | 7.1 High | ||
| Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2023-42838 | 2024-08-09 | 8.2 High | ||
| An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | ||||
| CVE-2024-20291 | 2024-08-09 | 5.8 Medium | ||
| A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces. | ||||
| CVE-2024-4225 | 2024-08-09 | 7.6 High | ||
| Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Attackers can exploit those security vulnerabilities to perform critical actions such as escalate user's privilege, steal user's credential, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). | ||||
| CVE-2024-26201 | 1 Microsoft | 1 Intune Company Portal | 2024-08-09 | 6.6 Medium |
| Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-26203 | 1 Microsoft | 1 Azure Data Studio | 2024-08-09 | 7.3 High |
| Azure Data Studio Elevation of Privilege Vulnerability | ||||
| CVE-2024-41250 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 5.3 Medium |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | ||||
| CVE-2024-1701 | 2024-08-08 | 5.3 Medium | ||
| A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||