Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-34144 1Jenkins 1Script Security Oct 10, 2025 May 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipeli...Show more A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.Show less
CVE-2024-33903 - - Nov 21, 2024 Apr 29, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library.
CVE-2024-33883 - - Nov 21, 2024 Apr 28, 2024 N/A· v4 4.0 MEDIUM· v3 N/A· v2 The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
CVE-2022-48611 1Apple 1Itunes Dec 10, 2024 Apr 26, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
CVE-2024-29988 1Microsoft 9Windows 10 1809 Windows 10 21h2Windows 10 22h2+6 more Oct 28, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SmartScreen Prompt Security Feature Bypass Vulnerability
CVE-2024-28921 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 8, 2025 Apr 9, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28920 1Microsoft 9Windows 10 1809 Windows 10 21h2Windows 10 22h2+6 more Jan 8, 2025 Apr 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28919 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 8, 2025 Apr 9, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28903 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 8, 2025 Apr 9, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26250 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 8, 2025 Apr 9, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Secure Boot Security Feature Bypass Vulnerability
CVE-2024-20669 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 8, 2025 Apr 9, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Secure Boot Security Feature Bypass Vulnerability
CVE-2024-20665 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 6, 2025 Apr 9, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 BitLocker Security Feature Bypass Vulnerability
CVE-2024-30370 1Rarlab 1Winrar Jun 20, 2025 Apr 2, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required t...Show more RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156.Show less
CVE-2024-28248 1Cilium 1Cilium Jan 9, 2025 Mar 18, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied...Show more Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.Show less
CVE-2024-26163 1Microsoft 1Edge Chromium Nov 21, 2024 Mar 14, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-24562 1Vantage6 1Vantage6 Ui Aug 6, 2025 Mar 14, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in f...Show more vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx. Show less
CVE-2023-42938 1Apple 1Itunes Mar 28, 2025 Mar 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
CVE-2023-39368 - - Nov 21, 2024 Mar 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2023-22655 - - Nov 21, 2024 Mar 14, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-0681 1Miniorange 1Page Restriction Apr 8, 2026 Mar 13, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting acc...Show more The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage.Show less

Previous 1...151617...26 Next