Vulnerabilities (CVE)

Filtered by CWE-284
Total 4440 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-20343 2 Cisco, Linux 2 Ios Xr, Linux Kernel 2026-06-17 N/A 5.5 MEDIUM
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.
CVE-2024-20325 1 Cisco 1 Unified Intelligence Center 2026-06-17 N/A 5.1 MEDIUM
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
CVE-2024-20319 1 Cisco 1 Ios Xr 2026-06-17 N/A 4.3 MEDIUM
A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests.
CVE-2024-20302 1 Cisco 1 Nexus Dashboard Orchestrator 2026-06-17 N/A 5.4 MEDIUM
A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic.
CVE-2024-20291 1 Cisco 81 Nexus 3000 In Standalone Nx-os Mode, Nexus 3048, Nexus 31108pc-v and 78 more 2026-06-17 N/A 5.8 MEDIUM
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
CVE-2024-20283 1 Cisco 1 Nexus Dashboard 2026-06-17 N/A 4.3 MEDIUM
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.
CVE-2024-20279 1 Cisco 1 Application Policy Infrastructure Controller 2026-06-17 N/A 4.3 MEDIUM
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
CVE-2024-20261 1 Cisco 1 Firepower Threat Defense 2026-06-17 N/A 5.8 MEDIUM
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a logic error when a specific class of encrypted archive files is inspected. An attacker could exploit this vulnerability by sending a crafted, encrypted archive file through the affected device. A successful exploit could allow the attacker to send an encrypted archive file, which could contain malware and should have been blocked and dropped at the Cisco FTD device.
CVE-2024-20065 2 Google, Mediatek 14 Android, Mt6768, Mt6781 and 11 more 2026-06-17 N/A 4.0 MEDIUM
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394.
CVE-2024-20036 2 Google, Mediatek 11 Android, Mt6835, Mt6855 and 8 more 2026-06-17 N/A 4.4 MEDIUM
In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508.
CVE-2024-1942 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
CVE-2024-1898 1 Devolutions 1 Devolutions Server 2026-06-17 N/A 4.3 MEDIUM
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.
CVE-2024-1888 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server
CVE-2024-1887 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export. 
CVE-2024-1823 1 Codeastro 1 Simple Voting System 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.
CVE-2024-1701 1 Keerti1924 1 Php Mysql User Signup Login System 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1678 2026-06-17 N/A 5.3 MEDIUM
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content.
CVE-2024-1675 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 8.8 HIGH
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-1668 1 Theme-fusion 1 Avada 2026-06-17 N/A 6.5 MEDIUM
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).
CVE-2024-1632 1 Progress 1 Sitefinity 2026-06-17 N/A 8.8 HIGH
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.