Total
110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35352 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-08-29 | N/A | 7.5 HIGH |
| Windows Remote Desktop Security Feature Bypass Vulnerability | |||||
| CVE-2024-39836 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 6.5 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails. | |||||
| CVE-2024-38180 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-16 | N/A | 8.8 HIGH |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||
| CVE-2024-21412 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-08-14 | N/A | 8.1 HIGH |
| Internet Shortcut Files Security Feature Bypass Vulnerability | |||||
| CVE-2024-24980 | 2024-08-14 | N/A | 6.1 MEDIUM | ||
| Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-24983 | 2024-08-14 | N/A | 6.5 MEDIUM | ||
| Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2024-38213 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-08-14 | N/A | 6.5 MEDIUM |
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||
| CVE-2024-36287 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-08-07 | N/A | 3.3 LOW |
| Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | |||||
| CVE-2024-37182 | 1 Mattermost | 1 Mattermost Desktop | 2024-08-07 | N/A | 6.1 MEDIUM |
| Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes. | |||||
| CVE-2024-25091 | 2024-08-05 | N/A | 9.1 CRITICAL | ||
| Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment. | |||||
| CVE-2024-33883 | 2024-08-01 | N/A | 4.0 MEDIUM | ||
| The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | |||||
| CVE-2023-42918 | 2024-08-01 | N/A | 8.6 HIGH | ||
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2024-6741 | 1 Openfind | 1 Mail2000 | 2024-07-19 | N/A | 5.3 MEDIUM |
| Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled. | |||||
| CVE-2024-38092 | 1 Microsoft | 1 Azure Cyclecloud | 2024-07-12 | N/A | 8.8 HIGH |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||
| CVE-2024-38058 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-11 | N/A | 6.8 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2024-38070 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-07-11 | N/A | 7.8 HIGH |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | |||||
| CVE-2024-39599 | 2024-07-09 | N/A | 4.7 MEDIUM | ||
| Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability. | |||||
| CVE-2024-27713 | 2024-07-09 | N/A | 8.8 HIGH | ||
| An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component. | |||||
| CVE-2024-29510 | 2024-07-08 | N/A | 6.3 MEDIUM | ||
| Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | |||||
| CVE-2024-34144 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||