Total
1862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43479 | 1 Microsoft | 1 Power Automate | 2024-09-13 | N/A | 8.5 HIGH |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | |||||
| CVE-2024-8584 | 1 Learningdigital | 1 Orca Hcm | 2024-09-13 | N/A | 9.8 CRITICAL |
| Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.) | |||||
| CVE-2024-44571 | 2024-09-12 | N/A | 8.8 HIGH | ||
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. | |||||
| CVE-2024-41732 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-11 | N/A | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. | |||||
| CVE-2024-0104 | 1 Nvidia | 7 Metrox-2, Metrox-3 Xc, Mlnx-gw and 4 more | 2024-09-11 | N/A | 8.8 HIGH |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | |||||
| CVE-2024-43477 | 2024-09-10 | N/A | 7.5 HIGH | ||
| Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | |||||
| CVE-2024-42022 | 2024-09-09 | N/A | 7.5 HIGH | ||
| An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | |||||
| CVE-2024-42023 | 2024-09-09 | N/A | 7.8 HIGH | ||
| An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | |||||
| CVE-2024-42021 | 2024-09-09 | N/A | 7.5 HIGH | ||
| An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | |||||
| CVE-2024-24986 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
| Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-25576 | 1 Intel | 1 Agilex 7 Fpga Firmware | 2024-09-06 | N/A | 7.9 HIGH |
| improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-26022 | 1 Intel | 1 Aptio V Uefi Firmware Integrator Tools | 2024-09-06 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2024-09-06 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-42967 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
| CVE-2024-42919 | 2024-09-06 | N/A | 9.8 CRITICAL | ||
| eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. | |||||
| CVE-2024-45392 | 1 Salesagility | 1 Suitecrm | 2024-09-06 | N/A | 4.3 MEDIUM |
| SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. | |||||
| CVE-2024-36068 | 1 Rubrik | 1 Cloud Data Management | 2024-09-05 | N/A | 9.8 CRITICAL |
| An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | |||||
| CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | N/A | 9.8 CRITICAL |
| Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | |||||
| CVE-2024-39837 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 5.4 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled. | |||||
| CVE-2024-39839 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the local server as long as the user hadn't been synced before. | |||||