Total
136 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-20665 | 2024-06-28 | 6.1 Medium | ||
BitLocker Security Feature Bypass Vulnerability | ||||
CVE-2024-6153 | 2024-06-28 | N/A | ||
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-19481. | ||||
CVE-2024-30052 | 2024-06-27 | 4.7 Medium | ||
Visual Studio Remote Code Execution Vulnerability | ||||
CVE-2024-30041 | 2024-06-19 | 5.4 Medium | ||
Microsoft Bing Search Spoofing Vulnerability | ||||
CVE-2024-30050 | 2024-06-19 | 5.4 Medium | ||
Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
CVE-2024-21423 | 2024-06-18 | 4.8 Medium | ||
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2024-5924 | 2024-06-17 | N/A | ||
Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991. | ||||
CVE-2024-36287 | 2024-06-17 | 3.8 Low | ||
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | ||||
CVE-2024-37182 | 2024-06-17 | 4.7 Medium | ||
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes. | ||||
CVE-2023-4039 | 1 Gnu | 1 Gcc | 2024-06-13 | 4.8 Medium |
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. | ||||
CVE-2024-26163 | 1 Microsoft | 1 Edge Chromium | 2024-06-11 | 4.7 Medium |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
CVE-2024-29988 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-06-11 | 8.8 High |
SmartScreen Prompt Security Feature Bypass Vulnerability | ||||
CVE-2024-28903 | 2024-06-11 | 6.7 Medium | ||
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-28919 | 2024-06-11 | 6.7 Medium | ||
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-28921 | 2024-06-11 | 6.7 Medium | ||
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-28920 | 2024-06-11 | 7.8 High | ||
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-26250 | 2024-06-11 | 6.7 Medium | ||
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-20669 | 2024-06-11 | 6.7 Medium | ||
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-21412 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-06-11 | 8.1 High |
Internet Shortcut Files Security Feature Bypass Vulnerability | ||||
CVE-2024-20673 | 1 Microsoft | 7 Excel, Office, Powerpoint and 4 more | 2024-06-11 | 7.8 High |
Microsoft Office Remote Code Execution Vulnerability |