Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-44122 1Apple 1Macos Apr 2, 2026 Oct 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An application may be able to break out of its sandbox.
CVE-2024-43585 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Oct 16, 2024 Oct 8, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Code Integrity Guard Security Feature Bypass Vulnerability
CVE-2024-43584 1Microsoft 6Windows 11 21h2 Windows 11 22h2Windows 11 23h2+3 more Oct 16, 2024 Oct 8, 2024 N/A· v4 8.4 HIGH· v3 N/A· v2 Windows Scripting Engine Security Feature Bypass Vulnerability
CVE-2024-43513 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Oct 17, 2024 Oct 8, 2024 N/A· v4 6.4 MEDIUM· v3 N/A· v2 BitLocker Security Feature Bypass Vulnerability
CVE-2024-20438 1Cisco 2Nexus Dashboard Nexus Dashboard Fabric Controller Oct 8, 2024 Oct 2, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authoriz...Show more A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.Show less
CVE-2024-46976 1Linuxfoundation 1Backstage Jan 3, 2025 Sep 17, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed i...Show more Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2024-45835 1Mattermost 1Mattermost Desktop Nov 1, 2024 Sep 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
CVE-2024-45833 1Mattermost 1Mattermost Mobile Sep 23, 2024 Sep 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Sw...Show more Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character..Show less
CVE-2024-43487 1Microsoft 8Windows 10 1507 Windows 10 1607Windows 10 1809+5 more Sep 18, 2024 Sep 10, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38226 1Microsoft 3Office 2019 Office Long Term Servicing ChannelPublisher Oct 28, 2025 Sep 10, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2024-38217 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 28, 2025 Sep 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-45411 1Symfony 1Twig Nov 21, 2024 Sep 9, 2024 N/A· v4 8.6 HIGH· v3 N/A· v2 Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2....Show more Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.Show less
CVE-2022-4100 1Wpcerber 1Cerber Security Antispam & Malware Scan Sep 20, 2024 Aug 31, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attac...Show more The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.Show less
CVE-2024-20286 1Cisco 1Nx Os Oct 22, 2024 Aug 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system...Show more A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.Show less
CVE-2024-20284 1Cisco 1Nx Os Oct 17, 2024 Aug 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system...Show more A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.Show less
CVE-2024-39836 1Mattermost 1Mattermost Aug 23, 2024 Aug 22, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, crea...Show more Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.Show less
CVE-2024-24983 - - Aug 14, 2024 Aug 14, 2024 7.0 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network ac...Show more Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access.Show less
CVE-2024-24980 - - Aug 14, 2024 Aug 14, 2024 6.9 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-23499 1Intel 1Ethernet 800 Series Controllers Driver Sep 6, 2024 Aug 14, 2024 7.0 HIGH· v4 7.5 HIGH· v3 N/A· v2 Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of servi...Show more Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access.Show less
CVE-2024-38213 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Oct 28, 2025 Aug 13, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Windows Mark of the Web Security Feature Bypass Vulnerability

Previous 1...131415...26 Next