Total
2289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21376 | 1 Microsoft | 1 Azure Kubernetes Service | 2024-05-29 | N/A | 9.0 CRITICAL |
| Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | |||||
| CVE-2024-21364 | 1 Microsoft | 1 Azure Site Recovery | 2024-05-29 | N/A | 9.3 CRITICAL |
| Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | |||||
| CVE-2024-20695 | 1 Microsoft | 1 Skype For Business Server | 2024-05-29 | N/A | 5.7 MEDIUM |
| Skype for Business Information Disclosure Vulnerability | |||||
| CVE-2024-20657 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.0 HIGH |
| Windows Group Policy Elevation of Privilege Vulnerability | |||||
| CVE-2024-3746 | | | 2024-05-28 | N/A | 5.5 MEDIUM |
| The entire parent directory C:\ScadaPro and its sub-directories and files are configured by default to allow users, including unprivileged users, to write or overwrite files. | |||||
| CVE-2024-31859 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks, which allows a member running a playbook in an existing channel to be promoted to a channel admin. | |||||
| CVE-2024-29215 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access control, which allows a user to run a slash command in a channel they are not a member of by linking a playbook run to that channel and running the slash command as a playbook task command. | |||||
| CVE-2024-5272 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a linked playbook run to see all the details of the playbook run when the run is marked as finished. | |||||
| CVE-2023-52711 | | | 2024-05-28 | N/A | 7.8 HIGH |
| Various issues due to an exposed SMI handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, potentially leading to code execution in SMM. | |||||
| CVE-2023-52712 | | | 2024-05-28 | N/A | 7.8 HIGH |
| Various issues due to an exposed SMI handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, potentially leading to code execution in SMM. | |||||
| CVE-2024-32045 | | | 2024-05-28 | N/A | 5.9 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel, which allows members to link their runs to private channels they are not members of. | |||||
| CVE-2024-36241 | | | 2024-05-28 | N/A | 3.1 LOW |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls, which allows a user to view arbitrary post contents via the /playbook add slash command. | |||||
| CVE-2024-5270 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to check whether the email signup configuration option is enabled when a user requests to switch from SAML to email. This allows the user to switch their authentication method from SAML to email and possibly edit personal details that were otherwise non-editable and provided by the SAML provider. | |||||
| CVE-2024-34152 | | | 2024-05-28 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control, which allows a guest to get the metadata of a public playbook run that is linked to a channel they are a guest of by sending an RHSRuns GraphQL query to the server. | |||||
| CVE-2024-5318 | | | 2024-05-24 | N/A | 4.0 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts. | |||||
| CVE-2024-26139 | | | 2024-05-24 | N/A | 8.3 HIGH |
| OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to a lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application. | |||||
| CVE-2024-35222 | | | 2024-05-24 | N/A | 5.9 MEDIUM |
| Tauri is a framework for building binaries for all major desktop platforms. Remote-origin iframes in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid commands with potentially unwanted consequences ("delete project", "transfer credits", etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19. | |||||
| CVE-2024-32969 | | | 2024-05-24 | N/A | 2.7 LOW |
| vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration, which extends their influence. For example, organizations that they include can then create new users for which they know the passwords, and use those to read task results of other collaborations that the organization is involved in. Only relatively trusted users, those with access to manage a collaboration, are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3. | |||||
| CVE-2024-5168 | | | 2024-05-24 | N/A | 9.8 CRITICAL |
| Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application. | |||||
| CVE-2024-28978 | 1 Dell | 1 Openmanage Enterprise | 2024-05-23 | N/A | 6.5 MEDIUM |
| Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. | |||||
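The ScadaPro entry (CVE-2024-3746) describes the classic weak-ACL condition: an install tree where low-privilege principals can write or replace files, so a standard user can swap a binary or config that a service later loads. The following PowerShell audit is an added example written for this page, not vendor code; the root path `C:\ScadaPro`, the list of "low-privilege" principals and the `Find-WeakAce` helper are assumptions chosen for illustration, and the same script works on any install directory.

```powershell
# Added example (not from the ScadaPro advisory or vendor): audit a directory tree for
# Allow ACEs that grant write-class rights to broad, low-privilege principals.
param(
    [string]$Root = 'C:\ScadaPro'   # assumption: the default install path named in the advisory
)

# Broad principals every local user is a member of; a write-class Allow ACE for any
# of them lets an unprivileged user modify or replace the object. (Assumed list.)
$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a principal change content, delete/replace files, or rewrite the ACL.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::WriteDacl -bor
             [System.Security.AccessControl.FileSystemRights]::WriteOwner

function Find-WeakAce {
    # Returns one record per Allow ACE on $Path that gives a low-privilege principal
    # any right in $WriteMask. Hypothetical helper name.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        # Negative values are generic rights (GENERIC_ALL/GENERIC_WRITE) seen on
        # inherit-only ACEs; they are write-capable, so only mask-test non-negative values.
        if ($rights -ge 0 -and ($rights -band [int]$WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) {
    Write-Warning "$Root not found; nothing to audit."
    return
}

# Audit the root itself and everything beneath it (hidden/system objects included).
$paths = @($Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
                      ForEach-Object FullName)
$findings = @($paths | ForEach-Object { Find-WeakAce -Path $_ })

if ($findings.Count -eq 0) {
    Write-Host "No write-class ACEs for low-privilege principals under $Root."
} else {
    $findings | Sort-Object Path | Format-Table -AutoSize
    # Inherited findings all trace back to an explicit ACE on an ancestor; that ACE is
    # the one to fix, and inheritance then re-propagates the corrected rights.
    $inherited = @($findings | Where-Object { $_.Inherited }).Count
    Write-Host ("{0} weak ACE(s) found; {1} inherited from a parent directory." -f $findings.Count, $inherited)
}
```

Run it from an elevated prompt so every sub-directory is readable, and point `-Root` at whichever install tree is in scope. The finding to act on is the non-inherited ACE nearest the root, typically a `BUILTIN\Users` entry with `Modify` or `FullControl` on the top-level directory. One way to correct it, as an assumed remediation and not a vendor-documented one, is `icacls C:\ScadaPro /inheritance:d /remove:g Users /grant:r "Users:(OI)(CI)RX" /t`, which detaches the directory from its parent's ACL and replaces the Users entry with read-and-execute only; re-run the audit afterwards and confirm the service still starts, since some products genuinely need a writable data or log sub-folder that should then be granted individually.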
