Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45735 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-16 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. | |||||
| CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-10-16 | N/A | 7.8 HIGH |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-43780 | 1 Mattermost | 1 Mattermost Server | 2024-10-16 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. | |||||
| CVE-2024-42497 | 1 Mattermost | 1 Mattermost Server | 2024-10-16 | N/A | 6.0 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams. | |||||
| CVE-2020-36838 | 2024-10-16 | N/A | 7.4 HIGH | ||
| The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. | |||||
| CVE-2024-45135 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 2.7 LOW |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45133 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 2.7 LOW |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45129 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45130 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45124 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45118 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | N/A | 6.5 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45121 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-45122 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-46539 | 2024-10-10 | N/A | 8.2 HIGH | ||
| Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). | |||||
| CVE-2024-47910 | 2024-10-07 | N/A | 7.2 HIGH | ||
| An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | |||||
| CVE-2024-42514 | 2024-10-07 | N/A | 8.1 HIGH | ||
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session. | |||||
| CVE-2023-26770 | 2024-10-07 | N/A | 9.8 CRITICAL | ||
| TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | |||||
| CVE-2024-20343 | 2 Cisco, Linux | 2 Ios Xr, Linux Kernel | 2024-10-07 | N/A | 5.5 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system. | |||||
| CVE-2024-46280 | 2024-10-04 | N/A | 8.8 HIGH | ||
| PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them. | |||||
| CVE-2024-45408 | 2024-10-04 | N/A | 7.5 HIGH | ||
| eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel. | |||||