Vulnerabilities (CVE)

Filtered by CWE-284
Total 4436 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-27895 1 Huawei 1 Harmonyos 2026-06-17 N/A 7.5 HIGH
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2024-27891 2026-06-17 N/A 5.3 MEDIUM
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
CVE-2024-27855 1 Apple 3 Ipados, Iphone Os, Macos 2026-06-17 N/A 8.8 HIGH
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CVE-2024-27841 1 Apple 3 Ipados, Iphone Os, Macos 2026-06-17 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.
CVE-2024-27819 1 Apple 2 Ipados, Iphone Os 2026-06-17 N/A 2.4 LOW
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.
CVE-2024-27803 1 Apple 2 Ipados, Iphone Os 2026-06-17 N/A 2.4 LOW
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
CVE-2024-27792 1 Apple 1 Macos 2026-06-17 N/A 5.5 MEDIUM
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.
CVE-2024-27790 1 Claris 1 Filemaker Server 2026-06-17 N/A 7.5 HIGH
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.
CVE-2024-27605 1 Alldata 1 Alldata 2026-06-17 N/A 7.5 HIGH
Alldata V0.4.6 is vulnerable to Insecure Permissions. The user (test) can query information about the users in the system.
CVE-2024-27602 1 Alldata 1 Alldata 2026-06-17 N/A 9.1 CRITICAL
Alldata V0.4.6 is vulnerable to Incorrect Access Control. The interface documents of many modules have been leaked, for example the /api/system/v2/api-docs module.
CVE-2024-27497 1 Linksys 2 E2000, E2000 Firmware 2026-06-17 N/A 8.8 HIGH
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.
CVE-2024-27348 1 Apache 1 Hugegraph 2026-06-17 N/A 9.8 CRITICAL
RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue.
CVE-2024-27264 1 Ibm 1 I 2026-06-17 N/A 7.4 HIGH
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.
CVE-2024-27200 2026-06-17 N/A 4.4 MEDIUM
Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-27187 1 Joomla 1 Joomla! 2026-06-17 N/A 7.5 HIGH
Improper Access Controls allow backend users to overwrite their username when disallowed.
CVE-2024-26310 1 Archerirm 1 Archer 2026-06-17 N/A 4.3 MEDIUM
Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.
CVE-2024-26234 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2026-06-17 N/A 6.7 MEDIUM
Proxy Driver Spoofing Vulnerability
CVE-2024-26203 1 Microsoft 1 Azure Data Studio 2026-06-17 N/A 7.3 HIGH
Azure Data Studio Elevation of Privilege Vulnerability
CVE-2024-26201 1 Microsoft 1 Intune Company Portal 2026-06-17 N/A 6.6 MEDIUM
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
CVE-2024-26139 1 Citeum 1 Opencti 2026-06-17 N/A 8.3 HIGH
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.