Filtered by vendor
Subscriptions
Total
304 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-44187 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2024-09-25 | 6.5 Medium |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | ||||
CVE-2024-41475 | 2 Gnuboard, Sir | 2 Gnuboard6, Gnuboard | 2024-09-18 | 9.8 Critical |
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. | ||||
CVE-2024-41926 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 2.7 Low |
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | ||||
CVE-2024-23458 | 1 Zscaler | 1 Client Connector | 2024-08-08 | 7.3 High |
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. |