Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41647 1 Openrobotics 1 Robot Operating System 2024-12-13 9.8 Critical
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
CVE-2024-26119 1 Adobe 1 Experience Manager 2024-12-13 5.3 Medium
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.
CVE-2024-11948 1 Gfi 1 Archiver 2024-12-13 9.8 Critical
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041.
CVE-2024-45104 1 Lenovo 1 Xclarity Administrator 2024-12-13 6.3 Medium
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-45103 1 Lenovo 1 Xclarity Administrator 2024-12-13 4.3 Medium
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVE-2024-44200 1 Apple 2 Ipados, Iphone Os 2024-12-13 5.5 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information.
CVE-2024-44299 1 Apple 2 Ipados, Iphone Os 2024-12-13 8.8 High
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.
CVE-2024-1947 1 Gitlab 1 Gitlab 2024-12-13 4.3 Medium
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
CVE-2024-1942 1 Mattermost 1 Mattermost Server 2024-12-13 4.3 Medium
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
CVE-2024-9164 1 Gitlab 1 Gitlab 2024-12-13 9.6 Critical
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
CVE-2024-29221 1 Mattermost 1 Mattermost Server 2024-12-13 4.7 Medium
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins.
CVE-2018-7738 1 Kernel 1 Util-linux 2024-12-13 N/A
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
CVE-2024-10240 1 Gitlab 1 Gitlab 2024-12-13 5.3 Medium
An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.
CVE-2024-8237 1 Gitlab 1 Gitlab 2024-12-13 6.5 Medium
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.
CVE-2024-8177 1 Gitlab 1 Gitlab 2024-12-13 5.3 Medium
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
CVE-2024-8970 1 Gitlab 1 Gitlab 2024-12-13 8.2 High
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVE-2024-9633 1 Gitlab 1 Gitlab 2024-12-12 3.1 Low
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
CVE-2024-11668 1 Gitlab 1 Gitlab 2024-12-12 4.2 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.
CVE-2023-25683 1 Ibm 1 Powervm Hypervisor 2024-12-12 5.9 Medium
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.
CVE-2022-48498 1 Huawei 1 Emui 2024-12-12 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.