Total
2843 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43492 | 1 Microsoft | 1 Autoupdate | 2024-09-18 | N/A | 7.8 HIGH |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | |||||
| CVE-2024-7557 | 1 Redhat | 2 Openshift Ai, Openshift Data Science | 2024-09-18 | N/A | 8.8 HIGH |
| A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | |||||
| CVE-2024-38220 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-17 | N/A | 9.0 CRITICAL |
| Azure Stack Hub Elevation of Privilege Vulnerability | |||||
| CVE-2024-8779 | 1 Syscomgo | 1 Omflow | 2024-09-17 | N/A | 8.8 HIGH |
| OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server. | |||||
| CVE-2024-40766 | 1 Sonicwall | 52 Nsa 2650, Nsa 2700, Nsa 3600 and 49 more | 2024-09-16 | N/A | 9.8 CRITICAL |
| An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. | |||||
| CVE-2023-43626 | 2024-09-16 | N/A | 7.5 HIGH | ||
| Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-39580 | 1 Dell | 1 Insightiq | 2024-09-16 | N/A | 6.7 MEDIUM |
| Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2024-43479 | 1 Microsoft | 1 Power Automate | 2024-09-13 | N/A | 8.5 HIGH |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | |||||
| CVE-2024-41732 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-11 | N/A | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. | |||||
| CVE-2024-24986 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
| Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-25576 | 1 Intel | 1 Agilex 7 Fpga Firmware | 2024-09-06 | N/A | 7.9 HIGH |
| improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-26022 | 1 Intel | 1 Aptio V Uefi Firmware Integrator Tools | 2024-09-06 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2024-09-06 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-42919 | 2024-09-06 | N/A | 9.8 CRITICAL | ||
| eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. | |||||
| CVE-2024-45392 | 1 Salesagility | 1 Suitecrm | 2024-09-06 | N/A | 4.3 MEDIUM |
| SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. | |||||
| CVE-2024-36068 | 1 Rubrik | 1 Cloud Data Management | 2024-09-05 | N/A | 9.8 CRITICAL |
| An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | |||||
| CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | N/A | 9.8 CRITICAL |
| Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | |||||
| CVE-2024-39837 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 5.4 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled. | |||||
| CVE-2024-39839 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the local server as long as the user hadn't been synced before. | |||||
| CVE-2024-41144 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 7.1 HIGH |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels | |||||