Filtered by vendor
Subscriptions
Total
1853 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-48488 | 1 Huawei | 1 Emui | 2024-12-17 | 5.3 Medium |
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop. | ||||
CVE-2023-51380 | 1 Github | 1 Enterprise Server | 2024-12-16 | 2.7 Low |
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | ||||
CVE-2023-51379 | 1 Github | 1 Enterprise Server | 2024-12-16 | 4.9 Medium |
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | ||||
CVE-2024-31134 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.5 Medium |
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | ||||
CVE-2024-36365 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.8 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent | ||||
CVE-2024-36364 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.5 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible | ||||
CVE-2024-28174 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 5.8 Medium |
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly | ||||
CVE-2024-28229 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | 6.5 Medium |
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | ||||
CVE-2024-0017 | 1 Google | 1 Android | 2024-12-16 | 5.5 Medium |
In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2024-8116 | 1 Gitlab | 1 Gitlab | 2024-12-16 | 5.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names. | ||||
CVE-2024-8650 | 1 Gitlab | 1 Gitlab | 2024-12-16 | 5.3 Medium |
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests. | ||||
CVE-2022-1949 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Directory Server and 1 more | 2024-12-13 | 7.5 High |
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | ||||
CVE-2024-5258 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.4 Medium |
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic. | ||||
CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.3 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | ||||
CVE-2024-55662 | 2024-12-13 | 10 Critical | ||
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`. | ||||
CVE-2024-8970 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 8.2 High |
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||
CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-13 | 3.8 Low |
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | ||||
CVE-2022-22307 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-12-13 | 4.4 Medium |
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753. | ||||
CVE-2024-11669 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 6.5 Medium |
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | ||||
CVE-2024-44217 | 1 Apple | 3 Ipad Os, Ipados, Iphone Os | 2024-12-12 | 9.1 Critical |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication. |