Total
2377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28246 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2024-05-29 | N/A | 7.8 HIGH |
Windows Registry Elevation of Privilege Vulnerability | |||||
CVE-2023-24905 | 1 Microsoft | 5 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 2 more | 2024-05-29 | N/A | 7.8 HIGH |
Remote Desktop Client Remote Code Execution Vulnerability | |||||
CVE-2023-21777 | 1 Microsoft | 1 Azure App Service On Azure Stack | 2024-05-29 | N/A | 8.7 HIGH |
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | |||||
CVE-2023-21751 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | N/A | 6.5 MEDIUM |
Azure DevOps Server Spoofing Vulnerability | |||||
CVE-2024-21436 | | | 2024-05-29 | N/A | 7.8 HIGH |
Windows Installer Elevation of Privilege Vulnerability | |||||
CVE-2024-21418 | | | 2024-05-29 | N/A | 7.8 HIGH |
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | |||||
CVE-2024-21401 | 1 Microsoft | 1 Entra Jira Sso Plugin | 2024-05-29 | N/A | 9.8 CRITICAL |
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | |||||
CVE-2024-21376 | 1 Microsoft | 1 Azure Kubernetes Service | 2024-05-29 | N/A | 9.0 CRITICAL |
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | |||||
CVE-2024-21364 | 1 Microsoft | 1 Azure Site Recovery | 2024-05-29 | N/A | 9.3 CRITICAL |
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | |||||
CVE-2024-20695 | 1 Microsoft | 1 Skype For Business Server | 2024-05-29 | N/A | 5.7 MEDIUM |
Skype for Business Information Disclosure Vulnerability | |||||
CVE-2024-20657 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.0 HIGH |
Windows Group Policy Elevation of Privilege Vulnerability | |||||
CVE-2024-29215 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook task command. | |||||
CVE-2024-31859 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin | |||||
CVE-2024-36241 | | | 2024-05-28 | N/A | 3.1 LOW |
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows a user to view arbitrary post contents via the /playbook add slash command | |||||
CVE-2024-5272 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked as finished. | |||||
CVE-2024-5270 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit personal details that were otherwise non-editable and provided by the SAML provider. | |||||
CVE-2023-52711 | | | 2024-05-28 | N/A | 7.8 HIGH |
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM | |||||
CVE-2023-52712 | | | 2024-05-28 | N/A | 7.8 HIGH |
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM | |||||
CVE-2024-32045 | | | 2024-05-28 | N/A | 5.9 MEDIUM |
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members of. | |||||
CVE-2024-34152 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that is linked to the channel they are a guest in via sending an RHSRuns GraphQL query request to the server |