Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2024-04-05 CVE-2024-21848 Improper Check for Dropped Privileges vulnerability in Mattermost Server
Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel
network
high complexity
mattermost CWE-273
3.1
2024-04-05 CVE-2024-29221 Unspecified vulnerability in Mattermost Server
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins.
network
low complexity
mattermost
3.8
2024-04-04 CVE-2024-30261 Undici is an HTTP/1.1 client, written from scratch for Node.js.
network
low complexity
nodejs fedoraproject
3.5
2024-03-22 CVE-2022-32756 Unspecified vulnerability in IBM Security Verify Directory 10.0.0
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm
2.7
2024-03-22 CVE-2024-1742 Unspecified vulnerability in Checkmk
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
local
low complexity
checkmk
3.3
2024-03-15 CVE-2023-46181 Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm
3.3
2024-03-14 CVE-2024-26246 Unspecified vulnerability in Microsoft Edge 112.0.1722.34/118.0.2088.88/122.0.2365.63
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
low complexity
microsoft
3.9
2024-03-11 CVE-2024-0052 Missing Authorization vulnerability in Google Android 14.0
In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check.
local
low complexity
google CWE-862
3.3
2024-03-11 CVE-2024-0053 Unspecified vulnerability in Google Android
In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy.
local
low complexity
google
3.3
2024-03-08 CVE-2024-23227 Unspecified vulnerability in Apple Macos
This issue was addressed with improved redaction of sensitive information.
local
low complexity
apple
3.3