Total
2039 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36364 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible | |||||
| CVE-2024-28174 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 5.8 MEDIUM |
| In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly | |||||
| CVE-2024-28229 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | N/A | 6.5 MEDIUM |
| In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | |||||
| CVE-2024-0017 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
| In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-8650 | 2024-12-16 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests. | |||||
| CVE-2024-8116 | 2024-12-16 | N/A | 5.3 MEDIUM | ||
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names. | |||||
| CVE-2024-5258 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 4.4 MEDIUM |
| An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic. | |||||
| CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | |||||
| CVE-2024-8970 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 8.2 HIGH |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | |||||
| CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | N/A | 3.8 LOW |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | |||||
| CVE-2024-11669 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | |||||
| CVE-2024-44217 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-12 | N/A | 9.1 CRITICAL |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication. | |||||
| CVE-2024-44301 | 1 Apple | 1 Macos | 2024-12-12 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2024-4006 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions | |||||
| CVE-2024-10043 | 2024-12-12 | N/A | 3.1 LOW | ||
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. | |||||
| CVE-2023-34161 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 7.5 HIGH |
| nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-0199 | 1 Gitlab | 1 Gitlab | 2024-12-11 | N/A | 7.7 HIGH |
| An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions. | |||||
| CVE-2023-35866 | 1 Keepassxc | 1 Keepassxc | 2024-12-11 | N/A | 5.5 MEDIUM |
| In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker." | |||||
| CVE-2024-25149 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | N/A | 5.4 MEDIUM |
| Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site. | |||||
| CVE-2024-25604 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | N/A | 6.5 MEDIUM |
| Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel. | |||||