Filtered by NVD-CWE-noinfo
Filtered by vendor Subscriptions
Total 30220 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-7554 1 Gitlab 1 Gitlab 2024-08-29 4.9 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.
CVE-2024-8216 1 Insurance Management System Project 1 Insurance Management System 2024-08-29 5.4 Medium
A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-5423 1 Gitlab 1 Gitlab 2024-08-29 6.5 Medium
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.
CVE-2024-4210 1 Gitlab 1 Gitlab 2024-08-29 6.5 Medium
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files.
CVE-2024-42493 1 Dorsettcontrols 1 Infoscan 2024-08-29 5.3 Medium
Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.
CVE-2024-39287 1 Dorsettcontrols 1 Infoscan 2024-08-29 5.3 Medium
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.
CVE-2024-42440 1 Zoom 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more 2024-08-29 6.2 Medium
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-42441 1 Zoom 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more 2024-08-29 6.2 Medium
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-45236 2 Fort Validator Project, Nicmx 2 Fort Validator, Fort-validator 2024-08-28 7.5 High
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45234 1 Nicmx 1 Fort-validator 2024-08-28 7.5 High
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-8033 2 Google, Microsoft 2 Chrome, Windows 2024-08-27 4.3 Medium
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-6978 1 Catonetworks 1 Cato Client 2024-08-27 5.6 Medium
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
CVE-2024-6973 1 Catonetworks 2 Cato Client, Sdp Client 2024-08-27 7.5 High
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.
CVE-2024-7972 1 Google 1 Chrome 2024-08-26 8.1 High
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-44382 1 Dlink 3 Di-8004w Firmware, Di 8004w, Di 8004w Firmware 2024-08-26 8.8 High
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
CVE-2024-44381 1 Dlink 3 Di-8004w Firmware, Di 8004w, Di 8004w Firmware 2024-08-26 8.8 High
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
CVE-2024-24580 1 Intel 4 Data Center Gpu Max 1100, Data Center Gpu Max 1100 Firmware, Data Center Gpu Max 1550 and 1 more 2024-08-23 6.5 Medium
Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-41976 1 Siemens 54 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 51 more 2024-08-23 7.2 High
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device.
CVE-2024-20451 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 7.5 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.
CVE-2020-11846 2 Microfocus, Opentext 2 Netiq Privileged Access Manager, Privileged Access Manager 2024-08-23 8.7 High
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.