Vulnerabilities (CVE)

Filtered by CWE-691
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3847 2024-11-21 N/A 9.8 CRITICAL
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-37158 2024-11-21 N/A 3.5 LOW
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different. The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module. This vulnerability is fixed in 18.0.0.
CVE-2023-5102 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 5.3 MEDIUM
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
CVE-2023-44384 1 Discourse 1 Discourse Jira 2024-11-21 N/A 4.1 MEDIUM
Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application.
CVE-2022-48481 2 Apple, Jetbrains 2 Macos, Toolbox 2024-11-21 N/A 5.2 MEDIUM
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
CVE-2022-46299 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 N/A 3.3 LOW
Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2021-33157 2024-11-21 N/A 7.2 HIGH
Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-33617 2024-11-15 N/A 5.9 MEDIUM
Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-29079 2024-11-15 N/A 6.8 MEDIUM
Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25565 2024-11-15 N/A 3.8 LOW
Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.
CVE-2024-21801 2024-08-14 N/A 7.1 HIGH
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-22374 2024-08-14 N/A 6.5 MEDIUM
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.