Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-05 | CVE-2024-29221 | Unspecified vulnerability in Mattermost Server Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins. | 3.8 |
| 2024-04-04 | CVE-2024-30261 | Undici is an HTTP/1.1 client, written from scratch for Node.js. | 3.5 |
| 2024-04-03 | CVE-2024-26764 | In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is submitted by libaio. | 3.3 |
| 2024-04-02 | CVE-2024-2745 | Unspecified vulnerability in Rapid7 Insightvm Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc. The vulnerability is remediated in version 6.6.244. | 3.3 |
| 2024-04-02 | CVE-2024-20847 | Unspecified vulnerability in Samsung Android 12.0/13.0 Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information. | 3.3 |
| 2024-03-26 | CVE-2024-29196 | Path Traversal vulnerability in PHPmyfaq 3.2.5 phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. | 2.7 |
| 2024-03-22 | CVE-2022-32756 | Unspecified vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |
| 2024-03-22 | CVE-2024-1742 | Unspecified vulnerability in Checkmk Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. | 3.3 |
| 2024-03-19 | CVE-2024-2616 | Out-of-bounds Write vulnerability in Mozilla Firefox To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. | 2.7 |
| 2024-03-15 | CVE-2023-46181 | Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |