Vulnerabilities (CVE)

Filtered by CWE-284
Total 4436 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-29054 1 Microsoft 1 Defender For Iot 2026-06-17 N/A 7.2 HIGH
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-28978 1 Dell 1 Openmanage Enterprise 2026-06-17 N/A 5.2 MEDIUM
Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.
CVE-2024-28969 1 Dell 1 Secure Connect Gateway 2026-06-17 N/A 4.3 MEDIUM
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.
CVE-2024-28968 1 Dell 1 Secure Connect Gateway 2026-06-17 N/A 5.4 MEDIUM
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28967 1 Dell 1 Secure Connect Gateway 2026-06-17 N/A 5.4 MEDIUM
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28966 1 Dell 1 Secure Connect Gateway 2026-06-17 N/A 5.4 MEDIUM
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28965 1 Dell 1 Secure Connect Gateway 2026-06-17 N/A 5.4 MEDIUM
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28960 3 Arm, Fedoraproject, Trustedfirmware 4 Mbed Crypto, Mbed Tls, Fedora and 1 more 2026-06-17 N/A 8.2 HIGH
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
CVE-2024-28922 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 4.1 MEDIUM
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28917 1 Microsoft 7 Azure Arc Extension Microsoft.azstackhci.operator, Azure Arc Extension Microsoft.azure.hybridnetwork, Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider and 4 more 2026-06-17 N/A 6.2 MEDIUM
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
CVE-2024-28818 1 Samsung 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more 2026-06-17 N/A 5.9 MEDIUM
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) module. This can lead to disclosure of sensitive information.
CVE-2024-28805 1 Italtel 1 I-mcs Nfv 2026-06-17 N/A 9.1 CRITICAL
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
CVE-2024-28405 1 Sem-cms 1 Semcms 2026-06-17 N/A 7.2 HIGH
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.
CVE-2024-28390 1 Advancedplugins 1 Ultimateimagetool 2026-06-17 N/A 9.8 CRITICAL
An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.
CVE-2024-28338 1 Totolink 2 A8000ru, A8000ru Firmware 2026-06-17 N/A 8.0 HIGH
A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.
CVE-2024-28170 1 Intel 1 Raid Web Console 2026-06-17 N/A 3.3 LOW
Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-28120 1 Codeium 1 Codeium 2026-06-17 N/A 6.5 MEDIUM
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.
CVE-2024-28115 1 Amazon 1 Freertos 2026-06-17 N/A 8.8 HIGH
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
CVE-2024-28087 2026-06-17 N/A 6.5 MEDIUM
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.
CVE-2024-28050 1 Intel 2 Arc A Graphics, Iris Xe Graphics 2026-06-17 N/A 5.0 MEDIUM
Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.