Skip to main content
CVE-2024-10214 LOW PATCH Monitor

Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-44222 LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-40853 LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-40792 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-27849 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-8013 LOW Monitor

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mongo Crypt V1 So Mongocryptd
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-49755 LOW PATCH Monitor

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
3.1
EPSS
0.3%
CVE-2024-44265 LOW Monitor

The issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-44251 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2024-40851 LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-44123 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
2.3
EPSS
0.0%
CVE-2024-23843 LOW Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.0: from V5.0.0 through V5.0.60; Genian NAC. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

SQLi
NVD
CVSS 3.1
2.2
EPSS
0.2%
CVE-2024-5532 LOW Monitor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Operations Agent
NVD
CVSS 4.0
1.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy