Filtered by vendor
Subscriptions
Total
2874 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2024-12-10 | 7.5 High |
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-12-10 | 7.8 High |
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | ||||
CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-12-10 | 4.8 Medium |
Windows Remote Desktop Services Tampering Vulnerability | ||||
CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2024-12-10 | 7.8 High |
Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
CVE-2023-36790 | 1 Microsoft | 1 Windows Server 2008 | 2024-12-10 | 7.8 High |
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | ||||
CVE-2023-36561 | 1 Microsoft | 1 Azure Devops Server | 2024-12-10 | 7.3 High |
Azure DevOps Server Elevation of Privilege Vulnerability | ||||
CVE-2023-36722 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 4.4 Medium |
Active Directory Domain Services Information Disclosure Vulnerability | ||||
CVE-2023-36725 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-12-10 | 7.8 High |
Windows Kernel Elevation of Privilege Vulnerability | ||||
CVE-2023-41772 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-12-10 | 7.8 High |
Win32k Elevation of Privilege Vulnerability | ||||
CVE-2024-36989 | 1 Splunk | 2 Cloud, Splunk | 2024-12-10 | 6.5 Medium |
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive. | ||||
CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2024-12-10 | 6.5 Medium |
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | ||||
CVE-2024-45734 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard. | ||||
CVE-2024-45735 | 1 Splunk | 4 Splunk, Splunk Cloud Platform, Splunk Enterprise and 1 more | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. | ||||
CVE-2024-49600 | 2024-12-10 | 7.8 High | ||
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges. | ||||
CVE-2024-11868 | 1 Thimpress | 1 Learnpress | 2024-12-10 | 5.3 Medium |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material. | ||||
CVE-2024-27841 | 1 Apple | 4 Ipad Os, Ipados, Iphone Os and 1 more | 2024-12-09 | 9.8 Critical |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory. | ||||
CVE-2024-27790 | 1 Claris | 1 Filemaker Server | 2024-12-09 | 7.5 High |
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests. | ||||
CVE-2023-1862 | 1 Cloudflare | 1 Warp | 2024-12-09 | 7.3 High |
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials. | ||||
CVE-2024-12307 | 1 Unifiedtransform | 1 Unifiedtransform | 2024-12-09 | 4.3 Medium |
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available. | ||||
CVE-2024-12306 | 1 Unifiedtransform | 1 Unifiedtransform | 2024-12-09 | 4.3 Medium |
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. |