Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3151 | 1 Canonical | 1 Selinux | 2024-11-21 | 5.8 MEDIUM | 5.2 MEDIUM |
| The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem. | |||||
| CVE-2024-43645 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 2 more | 2024-11-18 | N/A | 6.7 MEDIUM |
| Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | |||||
| CVE-2024-38203 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 6.2 MEDIUM |
| Windows Package Library Manager Information Disclosure Vulnerability | |||||
| CVE-2021-1494 | 2024-11-18 | N/A | 5.8 MEDIUM | ||
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. | |||||
| CVE-2024-38660 | 2024-11-15 | N/A | 3.8 LOW | ||
| Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36242 | 2024-11-15 | N/A | 8.8 HIGH | ||
| Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-45835 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-01 | N/A | 2.5 LOW |
| Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. | |||||
| CVE-2024-51481 | 2024-11-01 | N/A | N/A | ||
| Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import <nix/fetchurl.nix>`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. However, sandboxing *can* mitigate the impact of other security issues by limiting what parts of the host system a build has access to. | |||||
| CVE-2024-20286 | 1 Cisco | 232 N9k-c92160yc-x, N9k-c92300yc, N9k-c92304qc and 229 more | 2024-10-22 | N/A | 5.3 MEDIUM |
| A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide. | |||||
| CVE-2024-43513 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-17 | N/A | 6.4 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2024-20284 | 1 Cisco | 232 N9k-c92160yc-x, N9k-c92300yc, N9k-c92304qc and 229 more | 2024-10-17 | N/A | 5.3 MEDIUM |
| A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide. | |||||
| CVE-2024-43585 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 5.5 MEDIUM |
| Code Integrity Guard Security Feature Bypass Vulnerability | |||||
| CVE-2024-43584 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-16 | N/A | 7.7 HIGH |
| Windows Scripting Engine Security Feature Bypass Vulnerability | |||||
| CVE-2024-20438 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2024-10-08 | N/A | 6.3 MEDIUM |
| A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. | |||||
| CVE-2024-45833 | 1 Mattermost | 1 Mattermost Mobile | 2024-09-23 | N/A | 4.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character.. | |||||
| CVE-2022-4100 | 1 Wpcerber | 1 Cerber Security Antispam \& Malware Scan | 2024-09-20 | N/A | 5.3 MEDIUM |
| The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked. | |||||
| CVE-2024-43487 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 5 more | 2024-09-18 | N/A | 6.5 MEDIUM |
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||
| CVE-2024-38226 | 1 Microsoft | 2 Office, Publisher | 2024-09-12 | N/A | 7.3 HIGH |
| Microsoft Publisher Security Feature Bypass Vulnerability | |||||
| CVE-2024-23499 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 6.5 MEDIUM |
| Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2024-39836 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 4.8 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails. | |||||