Filtered by CWE-284
Filtered by vendor Subscriptions
Total 2874 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38204 1 Microsoft 1 Azure Functions 2024-12-10 7.5 High
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
CVE-2024-43590 1 Microsoft 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 2024-12-10 7.8 High
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2024-43456 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2024-12-10 4.8 Medium
Windows Remote Desktop Services Tampering Vulnerability
CVE-2024-43503 1 Microsoft 1 Sharepoint Server 2024-12-10 7.8 High
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2023-36790 1 Microsoft 1 Windows Server 2008 2024-12-10 7.8 High
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
CVE-2023-36561 1 Microsoft 1 Azure Devops Server 2024-12-10 7.3 High
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2023-36722 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-12-10 4.4 Medium
Active Directory Domain Services Information Disclosure Vulnerability
CVE-2023-36725 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2024-12-10 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-41772 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2024-12-10 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2024-36989 1 Splunk 2 Cloud, Splunk 2024-12-10 6.5 Medium
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.
CVE-2024-23675 1 Splunk 2 Cloud, Splunk 2024-12-10 6.5 Medium
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
CVE-2024-45734 1 Splunk 2 Splunk, Splunk Enterprise 2024-12-10 4.3 Medium
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.
CVE-2024-45735 1 Splunk 4 Splunk, Splunk Cloud Platform, Splunk Enterprise and 1 more 2024-12-10 4.3 Medium
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.
CVE-2024-49600 2024-12-10 7.8 High
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.
CVE-2024-11868 1 Thimpress 1 Learnpress 2024-12-10 5.3 Medium
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material.
CVE-2024-27841 1 Apple 4 Ipad Os, Ipados, Iphone Os and 1 more 2024-12-09 9.8 Critical
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.
CVE-2024-27790 1 Claris 1 Filemaker Server 2024-12-09 7.5 High
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.
CVE-2023-1862 1 Cloudflare 1 Warp 2024-12-09 7.3 High
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.
CVE-2024-12307 1 Unifiedtransform 1 Unifiedtransform 2024-12-09 4.3 Medium
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.
CVE-2024-12306 1 Unifiedtransform 1 Unifiedtransform 2024-12-09 4.3 Medium
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.