Security Vulnerabilities - CVEs Published In February 2024
Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-02-14
Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
5.3
EPSS Score
0.057
Published
2024-02-14
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-02-14
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-14
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVSS Score
9.6
EPSS Score
0.005
Published
2024-02-14
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-02-14
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-02-14
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-02-14
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-02-14
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
CVSS Score
8.0
EPSS Score
0.016
Published
2024-02-14