Total
145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6741 | 1 Openfind | 1 Mail2000 | 2024-07-19 | N/A | 5.3 MEDIUM |
| Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled. | |||||
| CVE-2024-6504 | 2024-07-18 | N/A | 4.3 MEDIUM | ||
| Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261. | |||||
| CVE-2024-38092 | 1 Microsoft | 1 Azure Cyclecloud | 2024-07-12 | N/A | 8.8 HIGH |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||
| CVE-2024-38058 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-11 | N/A | 6.8 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2024-38070 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-07-11 | N/A | 7.8 HIGH |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | |||||
| CVE-2024-39599 | 2024-07-09 | N/A | 4.7 MEDIUM | ||
| Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability. | |||||
| CVE-2024-27713 | 2024-07-09 | N/A | 8.8 HIGH | ||
| An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component. | |||||
| CVE-2024-29510 | 2024-07-08 | N/A | 6.3 MEDIUM | ||
| Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | |||||
| CVE-2024-34144 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2024-30052 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2024-07-02 | N/A | 4.7 MEDIUM |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2024-6153 | 2024-06-21 | N/A | 7.8 HIGH | ||
| Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-19481. | |||||
| CVE-2024-5924 | 2024-06-17 | N/A | 8.8 HIGH | ||
| Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991. | |||||
| CVE-2024-37182 | 2024-06-17 | N/A | 4.7 MEDIUM | ||
| Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes. | |||||
| CVE-2024-36287 | 2024-06-17 | N/A | 3.8 LOW | ||
| Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | |||||
| CVE-2023-4039 | 1 Gnu | 1 Gcc | 2024-06-13 | N/A | 4.8 MEDIUM |
| **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. | |||||
| CVE-2024-30050 | 2024-06-11 | N/A | 5.4 MEDIUM | ||
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||
| CVE-2024-26163 | 1 Microsoft | 1 Edge Chromium | 2024-06-11 | N/A | 4.7 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2024-21423 | 2024-06-11 | N/A | 4.8 MEDIUM | ||
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-21412 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-06-11 | N/A | 8.1 HIGH |
| Internet Shortcut Files Security Feature Bypass Vulnerability | |||||
| CVE-2024-20673 | 1 Microsoft | 7 Excel, Office, Powerpoint and 4 more | 2024-06-11 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||