Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-35352 1Microsoft 4Windows Server 2012 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2023-33150 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more May 19, 2026 Jul 11, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-3089 1Redhat 5Openshift Container Platform Openshift Container Platform For Arm64Openshift Container Platform For Linuxone+2 more Nov 21, 2024 Jul 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVE-2021-31982 1Microsoft 1Edge Chromium Feb 28, 2025 Jul 1, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-30757 1Siemens 1Totally Integrated Automation Portal Dec 10, 2024 Jun 13, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA...Show more A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.Show less
CVE-2023-30851 1Cilium 1Cilium Nov 21, 2024 May 25, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place t...Show more Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2.Show less
CVE-2022-41979 1Intel 1Data Center Manager Nov 21, 2024 May 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
CVE-2023-29354 1Microsoft 1Edge Chromium Feb 28, 2025 May 5, 2023 N/A· v4 4.7 MEDIUM· v3 N/A· v2 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28286 1Microsoft 1Edge Chromium Feb 28, 2025 Apr 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28284 1Microsoft 1Edge Feb 28, 2025 Apr 11, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-21024 1Google 1Android Feb 25, 2025 Mar 24, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...Show more In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238Show less
CVE-2023-0085 1Wpmet 1Metform Elementor Contact Form Builder Apr 8, 2026 Mar 2, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted d...Show more The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms.Show less
CVE-2023-25765 1Jenkins 1Email Extension Mar 19, 2025 Feb 15, 2023 N/A· v4 9.9 CRITICAL· v3 N/A· v2 In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox pro...Show more In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.Show less
CVE-2022-48290 1Huawei 1Harmonyos Mar 24, 2025 Feb 9, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.
CVE-2022-48287 1Huawei 2Emui Harmonyos Mar 24, 2025 Feb 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.
CVE-2023-0002 1Paloaltonetworks 1Cortex Xdr Agent Nov 21, 2024 Feb 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
CVE-2023-20919 1Google 1Android Apr 2, 2025 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...Show more In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068Show less
CVE-2023-23589 3Debian FedoraprojectTorproject 3Debian Linux FedoraTor Apr 7, 2025 Jan 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CVE-2021-26355 1Amd 24Epyc 7003 Firmware Epyc 72f3 FirmwareEpyc 7313 Firmware+21 more Apr 9, 2025 Jan 11, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.
CVE-2023-0141 1Google 1Chrome Mar 20, 2025 Jan 10, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Previous 1...181920...26 Next