Export limit exceeded: 10629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10629 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24986 | 1 Intel | 2 Ethernet 800 Series Controllers Driver, Ethernet Complete Driver Pack | 2024-09-06 | 8.8 High |
| Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-25576 | 1 Intel | 6 Agilex 7 Fpga F-series 006 Firmware, Agilex 7 Fpga F-series 008 Firmware, Agilex 7 Fpga F-series 012 Firmware and 3 more | 2024-09-06 | 7.9 High |
| improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2024-26022 | 1 Intel | 3 Aptio V Uefi Firmware Integrator Tools, Uefi Integrator Tools On Aptio V For Intel Nuc Lnx, Uefi Integrator Tools On Aptio V For Intel Nuc Win | 2024-09-06 | 7.8 High |
| Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2024-09-06 | 5 Medium |
| Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-5956 | 1 Trellix | 1 Intrusion Prevention System Manager | 2024-09-06 | 6.5 Medium |
| This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly | ||||
| CVE-2024-5957 | 1 Trellix | 1 Intrusion Prevention System Manager | 2024-09-06 | 6.3 Medium |
| This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. | ||||
| CVE-2024-8181 | 1 Flowiseai | 1 Flowise | 2024-09-06 | 9.8 Critical |
| An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. | ||||
| CVE-2024-45392 | 1 Salesagility | 1 Suitecrm | 2024-09-06 | 7.7 High |
| SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. | ||||
| CVE-2024-36068 | 1 Rubrik | 2 Cdm, Cloud Data Management | 2024-09-05 | 7.5 High |
| An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | ||||
| CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | 9.1 Critical |
| Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | ||||
| CVE-2024-7346 | 1 Progress | 1 Openedge | 2024-09-05 | 7.2 High |
| Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation. | ||||
| CVE-2024-7745 | 1 Progress | 1 Ws Ftp Server | 2024-09-04 | 6.5 Medium |
| In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. | ||||
| CVE-2024-39837 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 3.8 Low |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled. | ||||
| CVE-2024-39839 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 4.3 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the local server as long as the user hadn't been synced before. | ||||
| CVE-2024-41144 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 5.5 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels | ||||
| CVE-2024-41162 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 4.1 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only. | ||||
| CVE-2024-41926 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 2.7 Low |
| Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | ||||
| CVE-2024-45509 | 1 Misp | 1 Misp | 2024-09-04 | 9.8 Critical |
| In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | ||||
| CVE-2024-41518 | 2 Feripro, Mecodia | 2 Feripro, Feripro | 2024-09-03 | 7.5 High |
| An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants. | ||||
| CVE-2024-7851 | 2 Oretnom23, Sourcecodester | 2 Yoga Class Registration System, Yoga Class Registration System | 2024-09-03 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||