Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-23284 4Apple FedoraprojectWebkitgtk+1 more 10Fedora IpadosIphone Os+7 more Apr 2, 2026 Mar 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing...Show more A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.Show less
CVE-2024-25091 - - Nov 21, 2024 Mar 1, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'Threat...Show more Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment.Show less
CVE-2024-0682 1Theandystratton 1Pagerestrict Apr 8, 2026 Feb 28, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page...Show more The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.Show less
CVE-2024-0680 1Wpexpertdeveloper 1Wp Private Content Plus Apr 8, 2026 Feb 28, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when...Show more The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.Show less
CVE-2024-21423 1Microsoft 1Edge Chromium Nov 29, 2024 Feb 23, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-1671 1Google 1Chrome Mar 27, 2025 Feb 21, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-52378 1Huawei 2Emui Harmonyos Mar 29, 2025 Feb 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-20923 1Oracle 3Graalvm JdkJre Nov 4, 2025 Feb 17, 2024 N/A· v4 3.1 LOW· v3 N/A· v2 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20...Show more Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).Show less
CVE-2024-0029 1Google 1Android Mar 14, 2025 Feb 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution pri...Show more In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-0014 1Google 1Android Mar 28, 2025 Feb 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. U...Show more In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2022-48219 1Hp 27Elite Mini 600 G9 Firmware Elite Mini 800 G9 FirmwareElite Sff 600 G9 Firmware+24 more Jan 9, 2026 Feb 14, 2024 N/A· v4 6.4 MEDIUM· v3 N/A· v2 Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance...Show more Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.Show less
CVE-2023-32644 1Intel 2Killer Proset/wireless Nov 21, 2024 Feb 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-25945 1Intel 1One Boot Flash Update Nov 21, 2024 Feb 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21412 1Microsoft 9Windows 10 1809 Windows 10 21h2Windows 10 22h2+6 more Oct 28, 2025 Feb 13, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2024-20673 1Microsoft 8Excel OfficeOffice Long Term Servicing Channel+5 more May 19, 2026 Feb 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Office Remote Code Execution Vulnerability
CVE-2024-25744 1Linux 1Linux Kernel May 7, 2025 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
CVE-2024-0809 2Fedoraproject Google 2Chrome Fedora May 15, 2025 Jan 24, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-0804 2Fedoraproject Google 2Chrome Fedora May 22, 2025 Jan 24, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-0747 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more May 22, 2025 Jan 23, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115...Show more When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.Show less
CVE-2024-20926 3Debian NetappOracle 8Cloud Insights Acquisition Unit Cloud Insights Storage Workload Security AgentDebian Linux+5 more Nov 3, 2025 Jan 16, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf...Show more Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).Show less

Previous 1...161718...26 Next