Total
35574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45104 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | 6.3 Medium |
| A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | ||||
| CVE-2024-45103 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | 4.3 Medium |
| A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. | ||||
| CVE-2024-1947 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.3 Medium |
| A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. | ||||
| CVE-2024-1942 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.3 Medium |
| Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of. | ||||
| CVE-2024-9164 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 9.6 Critical |
| An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. | ||||
| CVE-2024-29221 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.7 Medium |
| Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins. | ||||
| CVE-2018-7738 | 1 Kernel | 1 Util-linux | 2024-12-13 | N/A |
| In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. | ||||
| CVE-2024-10240 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 5.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances. | ||||
| CVE-2024-8237 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 6.5 Medium |
| A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file. | ||||
| CVE-2024-8177 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 5.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry. | ||||
| CVE-2024-8970 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 8.2 High |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||
| CVE-2024-9633 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 3.1 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks. | ||||
| CVE-2024-11668 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.2 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results. | ||||
| CVE-2023-25683 | 1 Ibm | 1 Powervm Hypervisor | 2024-12-12 | 5.9 Medium |
| IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592. | ||||
| CVE-2022-48498 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-11669 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | ||||
| CVE-2024-45149 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-12-12 | 2.7 Low |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-11828 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
| A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch. | ||||
| CVE-2024-8114 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 8.2 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. | ||||
| CVE-2021-26367 | 1 Amd | 102 Athlon Gold 3150c, Athlon Gold 3150c Firmware, Athlon Gold 3150g and 99 more | 2024-12-12 | 5.7 Medium |
| A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability. | ||||