Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29348 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-05-29 | N/A | 7.5 HIGH |
| Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | |||||
| CVE-2023-28271 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2023-28221 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-05-29 | N/A | 7.0 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-24881 | 1 Microsoft | 1 Teams | 2024-05-29 | N/A | 6.5 MEDIUM |
| Microsoft Teams Information Disclosure Vulnerability | |||||
| CVE-2024-21380 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-05-29 | N/A | 8.0 HIGH |
| Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | |||||
| CVE-2024-21320 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 6.5 MEDIUM |
| Windows Themes Spoofing Vulnerability | |||||
| CVE-2024-34029 | 2024-05-28 | N/A | 4.3 MEDIUM | ||
| Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team. | |||||
| CVE-2021-20594 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names. | |||||
| CVE-2024-5202 | 2024-05-24 | N/A | 7.7 HIGH | ||
| Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices | |||||
| CVE-2024-28188 | 2024-05-24 | N/A | 5.3 MEDIUM | ||
| Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2. | |||||
| CVE-2024-35223 | 2024-05-24 | N/A | 5.3 MEDIUM | ||
| Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Dapr sends the app token of the invoker app instead of the app token of the invoked app. This causes of a leak of the application token of the invoker app to the invoked app when using Dapr as a gRPC proxy for remote service invocation. This vulnerability impacts Dapr users who use Dapr as a gRPC proxy for remote service invocation as well as the Dapr App API token functionality. An attacker could exploit this vulnerability to gain access to the app token of the invoker app, potentially compromising security and authentication mechanisms. This vulnerability was patched in version 1.13.3. | |||||
| CVE-2024-3708 | 2024-05-24 | N/A | N/A | ||
| A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes: 1.) cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior could result 2.) a memory information disclosure event could result which could be used to determine the state of memory which could then be used to theoretically bypass ALSR protections This CVE will be updated with more details on July 9th, 2024 after affected parties have had time to remediate. | |||||
| CVE-2024-21902 | 2024-05-21 | N/A | 6.4 MEDIUM | ||
| An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | |||||
| CVE-2024-1968 | 2024-05-20 | N/A | 7.5 HIGH | ||
| In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware. | |||||
| CVE-2024-32131 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through 3.2.82. | |||||
| CVE-2009-0521 | 2 Adobe, Linux | 2 Flash Player For Linux, Linux Kernel | 2024-05-17 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. | |||||
| CVE-2024-4584 | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4022 | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261674 is the identifier assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024. | |||||
| CVE-2024-4021 | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261673 was assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024. | |||||
| CVE-2024-3689 | 2024-05-17 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||