Export limit exceeded: 351351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35283 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6389 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions. | ||||
| CVE-2024-6385 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.6 Critical |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||
| CVE-2024-6384 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 5.3 Medium |
| "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 | ||||
| CVE-2024-6336 | 1 Github | 1 Enterprise Server | 2024-11-21 | 5.3 Medium |
| A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-6222 | 4 Apple, Docker, Linux and 1 more | 4 Macos, Desktop, Linux Kernel and 1 more | 2024-11-21 | 7.0 High |
| In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default. | ||||
| CVE-2024-6089 | 1 Rockwellautomation | 2 5015-aenftxt, 5015-aenftxt Firmware | 2024-11-21 | 7.5 High |
| An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. | ||||
| CVE-2024-5907 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | 7.0 High |
| A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. | ||||
| CVE-2024-5905 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | 4.4 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability. | ||||
| CVE-2024-5689 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127. | ||||
| CVE-2024-5655 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.6 Critical |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||
| CVE-2024-5566 | 1 Github | 1 Enterprise Server | 2024-11-21 | 5.8 Medium |
| An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. | ||||
| CVE-2024-5500 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-5486 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.8 Medium |
| A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager | ||||
| CVE-2024-5470 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.8 Low |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens. | ||||
| CVE-2024-5465 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.9 Medium |
| Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-5430 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL. | ||||
| CVE-2024-5313 | 1 Schneider-electric | 2 Evlink Home, Evlink Home Firmware | 2024-11-21 | 6.5 Medium |
| CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts to perform a potential denial of service attack on the exposed SSH interface. | ||||
| CVE-2024-5257 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace. | ||||
| CVE-2024-5067 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles. | ||||
| CVE-2024-5013 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 7.5 High |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. | ||||