Total
19 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49040 | 1 Microsoft | 1 Exchange Server | 2024-11-16 | N/A | 7.5 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2024-51749 | 2024-11-13 | N/A | 3.5 LOW | ||
| Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85. | |||||
| CVE-2024-38197 | 1 Microsoft | 1 Teams | 2024-10-22 | N/A | 6.5 MEDIUM |
| Microsoft Teams for iOS Spoofing Vulnerability | |||||
| CVE-2024-47044 | 2024-10-17 | N/A | 5.3 MEDIUM | ||
| Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. | |||||
| CVE-2024-7020 | 2024-09-26 | N/A | 4.3 MEDIUM | ||
| Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-7019 | 2024-09-26 | N/A | 4.3 MEDIUM | ||
| Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-7281 | 2024-09-26 | N/A | 4.3 MEDIUM | ||
| Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-7282 | 2024-09-26 | N/A | 4.3 MEDIUM | ||
| Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-43461 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-09-17 | N/A | 8.8 HIGH |
| Windows MSHTML Platform Spoofing Vulnerability | |||||
| CVE-2024-6595 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 5.3 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. | |||||
| CVE-2024-38112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-08-14 | N/A | 7.5 HIGH |
| Windows MSHTML Platform Spoofing Vulnerability | |||||
| CVE-2024-7529 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 6.5 MEDIUM |
| The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-38093 | 1 Microsoft | 1 Edge | 2024-08-07 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-38082 | 1 Microsoft | 1 Edge | 2024-08-07 | N/A | 4.7 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-7011 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
| Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-23708 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-30055 | 2024-05-15 | N/A | 5.4 MEDIUM | ||
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2022-23646 | 1 Vercel | 1 Next.js | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default. | |||||
| CVE-2023-50938 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 4.3 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128. | |||||