Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
m vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-6239
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 prior to 23.11.13168.7, potentially enabling unauthorized acce...
M-files M-files Server
M-files M-files Server 23.10
M-files M-files Server 23.9
9.8
CVSSv3
CVE-2021-41807
Lack of rate limiting in M-Files Server and M-Files Web products with versions prior to 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
M-files M-files Server
M-files M-files Web
NA
CVE-2014-2742
Isode M-Link prior to 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Isode M-link 15.1
Isode M-link 16.0
Isode M-link 14.6
Isode M-link 14.6.14
Isode M-link 15.1.10
6.5
CVSSv3
CVE-2021-20675
M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated malicious users to cau...
M-system Dl8-a Firmware
M-system Dl8-b Firmware
M-system Dl8-c Firmware
M-system Dl8-d Firmware
M-system Dl8-e Firmware
4.3
CVSSv3
CVE-2021-20676
M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated malicious users to byp...
M-system Dl8-a Firmware
M-system Dl8-b Firmware
M-system Dl8-c Firmware
M-system Dl8-d Firmware
M-system Dl8-e Firmware
7.8
CVSSv3
CVE-2023-2480
Missing access permissions checks in M-Files Client prior to 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
M-files M-files
4.3
CVSSv3
CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files prior to 22.8.11691.0 allows low privilege user to change some configuration.
M-files M-files
7.8
CVSSv3
CVE-2023-0213
Elevation of privilege issue in M-Files Installer versions prior to 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.
M-files M-files
NA
CVE-2007-0156
M-Core stores the database under the web document root, which allows remote malicious users to obtain sensitive information via a direct request to db/uyelik.mdb.
M-core M-core
8.8
CVSSv3
CVE-2023-47250
In mprivacy-tools prior to 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control ...
M-privacy Rsbac-policy-tgpro
M-privacy Mprivacy-tools
M-privacy Tightgatevnc
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »