Filtered by vendor
Subscriptions
Total
8850 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-53243 | 2024-12-11 | 4.3 Medium | ||
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. | ||||
CVE-2024-53244 | 2024-12-11 | 5.7 Medium | ||
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | ||||
CVE-2024-38030 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 6.5 Medium |
Windows Themes Spoofing Vulnerability | ||||
CVE-2024-38020 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-12-10 | 6.5 Medium |
Microsoft Outlook Spoofing Vulnerability | ||||
CVE-2024-38017 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-10 | 5.5 Medium |
Microsoft Message Queuing Information Disclosure Vulnerability | ||||
CVE-2024-38041 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-12-10 | 5.5 Medium |
Windows Kernel Information Disclosure Vulnerability | ||||
CVE-2024-30081 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-10 | 7.1 High |
Windows NTLM Spoofing Vulnerability | ||||
CVE-2024-43610 | 2024-12-10 | 7.4 High | ||
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector | ||||
CVE-2024-43609 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-12-10 | 6.5 Medium |
Microsoft Office Spoofing Vulnerability | ||||
CVE-2024-54151 | 2024-12-10 | 7.5 High | ||
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. This impacts any Directus instance that has either `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` set to `public` allowing unauthenticated users to subscribe for changes on any collection or do REST CRUD operations on user defined collections ignoring permissions. Version 11.3.0 fixes the issue. | ||||
CVE-2024-45739 | 1 Splunk | 1 Splunk | 2024-12-10 | 4.9 Medium |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. | ||||
CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.8 Medium |
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | ||||
CVE-2024-45738 | 1 Splunk | 1 Splunk | 2024-12-10 | 4.9 Medium |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. | ||||
CVE-2024-36986 | 1 Splunk | 2 Cloud, Splunk | 2024-12-10 | 6.3 Medium |
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | ||||
CVE-2024-54137 | 1 Open Quantum Safe | 1 Liboqs | 2024-12-10 | 7.4 High |
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0. | ||||
CVE-2024-11106 | 1 Wpchill | 1 Simple Restrict | 2024-12-10 | 5.3 Medium |
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
CVE-2021-37867 | 1 Mattermost | 1 Mattermost Boards | 2024-12-07 | 4.3 Medium |
Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure. | ||||
CVE-2022-0708 | 1 Mattermost | 1 Mattermost | 2024-12-07 | 4.3 Medium |
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure. | ||||
CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-12-07 | 4.3 Medium |
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | ||||
CVE-2022-2401 | 1 Mattermost | 1 Mattermost Server | 2024-12-07 | 6.5 Medium |
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs. |