Total: 28764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-6840 | 1 Gitlab | 1 Gitlab | 2024-03-04 | N/A | 6.7 MEDIUM | An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR. |
| CVE-2024-0861 | 1 Gitlab | 1 Gitlab | 2024-03-04 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions. |
| CVE-2024-0410 | 1 Gitlab | 1 Gitlab | 2024-03-04 | N/A | 7.7 HIGH | An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict. |
| CVE-2023-4895 | 1 Gitlab | 1 Gitlab | 2024-03-04 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects. |
| CVE-2024-1525 | 1 Gitlab | 1 Gitlab | 2024-03-04 | N/A | 5.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP. |
| CVE-2023-41784 | 1 Zte | 2 Redmagic 8 Pro, Redmagic 8 Pro Firmware | 2024-02-28 | N/A | 5.5 MEDIUM | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro. |
| CVE-2023-51767 | 3 Fedoraproject, Openbsd, Redhat | 3 Fedora, Openssh, Enterprise Linux | 2024-02-27 | N/A | 7.0 HIGH | OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. |
| CVE-2020-11935 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2024-02-23 | N/A | 5.5 MEDIUM | It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. |
| CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2024-02-23 | N/A | 10.0 CRITICAL | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. |
| CVE-1999-0211 | 1 Sun | 1 Sunos | 2024-02-22 | 5.0 MEDIUM | N/A | Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. |
| CVE-2024-25677 | 1 Minbrowser | 1 Min | 2024-02-15 | N/A | 8.8 HIGH | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. |
| CVE-2007-1863 | 2 Apache, Apple | 2 Http Server, Mac Os X Server | 2024-02-15 | 5.0 MEDIUM | N/A | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. |
| CVE-2024-24776 | 1 Mattermost | 1 Mattermost Server | 2024-02-15 | N/A | 4.3 MEDIUM | Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. |
| CVE-2023-47132 | 1 N-able | 1 N-central | 2024-02-15 | N/A | 9.8 CRITICAL | An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. |
| CVE-2023-27001 | 1 Egerie | 1 Egerie | 2024-02-15 | N/A | 8.8 HIGH | An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation. |
| CVE-2023-43609 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2024-02-15 | N/A | 9.1 CRITICAL | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. |
| CVE-2024-22388 | 1 Hidglobal | 16 Iclass Se Cp1000 Encoder, Iclass Se Cp1000 Encoder Firmware, Iclass Se Processors and 13 more | 2024-02-14 | N/A | 7.8 HIGH | Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. |
| CVE-2024-23446 | 1 Elastic | 1 Kibana | 2024-02-14 | N/A | 6.5 MEDIUM | An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index. |
| CVE-2024-23447 | 1 Elastic | 1 Network Drive Connector | 2024-02-14 | N/A | 6.5 MEDIUM | An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive, it is visible in search applications to the user. |
| CVE-2022-43486 | 1 Buffalo | 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more | 2024-02-14 | N/A | 6.8 MEDIUM | Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. |
