Total
3524 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37993 | 1 Siemens | 54 Simatic Reader Rf610r Cmiit, Simatic Reader Rf610r Cmiit Firmware, Simatic Reader Rf610r Etsi and 51 more | 2024-09-18 | 5.3 Medium |
| A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition. | ||||
| CVE-2024-8269 | 2 Fluxbuilder, Inspireui | 2 Mstore Api, Mstore Api | 2024-09-18 | 7.3 High |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the register() function. This makes it possible for unauthenticated attackers to create user accounts on sites, even when user registration is disabled and plugin functionality is not activated. | ||||
| CVE-2024-8779 | 1 Syscomgo | 1 Omflow | 2024-09-17 | 8.8 High |
| OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server. | ||||
| CVE-2023-43626 | 1 Intel | 45 Atom C2308 Firmware, Atom C2316 Firmware, Atom C2338 Firmware and 42 more | 2024-09-16 | 7.5 High |
| Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-40766 | 1 Sonicwall | 52 Nsa 2650, Nsa 2700, Nsa 3600 and 49 more | 2024-09-16 | 9.3 Critical |
| An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. | ||||
| CVE-2024-39580 | 1 Dell | 2 Insightiq, Powerscale Insightiq | 2024-09-16 | 6.7 Medium |
| Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2024-42919 | 1 Escanav | 1 Escan Management Console | 2024-09-13 | 9.8 Critical |
| eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. | ||||
| CVE-2024-41732 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-11 | 4.7 Medium |
| SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. | ||||
| CVE-2024-24986 | 1 Intel | 2 Ethernet 800 Series Controllers Driver, Ethernet Complete Driver Pack | 2024-09-06 | 8.8 High |
| Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-25576 | 1 Intel | 6 Agilex 7 Fpga F-series 006 Firmware, Agilex 7 Fpga F-series 008 Firmware, Agilex 7 Fpga F-series 012 Firmware and 3 more | 2024-09-06 | 7.9 High |
| improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2024-26022 | 1 Intel | 3 Aptio V Uefi Firmware Integrator Tools, Uefi Integrator Tools On Aptio V For Intel Nuc Lnx, Uefi Integrator Tools On Aptio V For Intel Nuc Win | 2024-09-06 | 7.8 High |
| Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2024-09-06 | 5 Medium |
| Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-45392 | 1 Salesagility | 1 Suitecrm | 2024-09-06 | 7.7 High |
| SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. | ||||
| CVE-2024-36068 | 1 Rubrik | 2 Cdm, Cloud Data Management | 2024-09-05 | 7.5 High |
| An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | ||||
| CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | 9.1 Critical |
| Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | ||||
| CVE-2024-39837 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 3.8 Low |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled. | ||||
| CVE-2024-39839 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 4.3 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the local server as long as the user hadn't been synced before. | ||||
| CVE-2024-41144 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 5.5 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels | ||||
| CVE-2024-41162 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 4.1 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only. | ||||
| CVE-2024-41926 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 2.7 Low |
| Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | ||||