Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6428 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 6.5 MEDIUM |
| Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9.5.5 fail to prevent specifying a RemoteId when creating a new user which allows an attacker to specify both a remoteId and the user ID, resulting in creating a user with a user-defined user ID. This can cause some broken functionality in User Management such administrative actions against the user not working. | |||||
| CVE-2024-39361 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 5.4 MEDIUM |
| Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken functionality in the channel or thread with user-defined posts | |||||
| CVE-2024-36257 | 1 Mattermost | 1 Mattermost | 2024-07-05 | N/A | 5.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to the server A. | |||||
| CVE-2024-5687 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the `Referer` and `Sec-*` headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 127. | |||||
| CVE-2024-4988 | 2024-07-03 | N/A | 7.5 HIGH | ||
| The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. | |||||
| CVE-2024-3746 | 2024-07-03 | N/A | 5.5 MEDIUM | ||
| The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files. | |||||
| CVE-2024-38873 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha integration for the ext:form extension. | |||||
| CVE-2024-37677 | 1 Access Management Specialist Project | 1 Access Management Specialist | 2024-07-03 | N/A | 7.5 HIGH |
| An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. | |||||
| CVE-2024-37289 | 2024-07-03 | N/A | 7.8 HIGH | ||
| An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-36037 | 2024-07-03 | N/A | 5.5 MEDIUM | ||
| Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | |||||
| CVE-2024-35396 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | |||||
| CVE-2024-34221 | 2024-07-03 | N/A | 8.8 HIGH | ||
| Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | |||||
| CVE-2024-33666 | 2024-07-03 | N/A | 8.6 HIGH | ||
| An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents. | |||||
| CVE-2024-33396 | 2024-07-03 | N/A | 8.4 HIGH | ||
| An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | |||||
| CVE-2024-33393 | 2024-07-03 | N/A | 6.2 MEDIUM | ||
| An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | |||||
| CVE-2024-33260 | 2024-07-03 | N/A | 5.1 MEDIUM | ||
| Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c | |||||
| CVE-2024-32418 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. | |||||
| CVE-2024-31967 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration. | |||||
| CVE-2024-31964 | 2024-07-03 | N/A | 7.5 HIGH | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service. | |||||
| CVE-2024-31846 | 2024-07-03 | N/A | 7.5 HIGH | ||
| An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||