Total
262913 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8631 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 5.5 Medium |
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles. | ||||
CVE-2024-8311 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 6.5 Medium |
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template. | ||||
CVE-2024-8124 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 7.5 High |
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a large `glm_source` parameter. | ||||
CVE-2024-6678 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 9.9 Critical |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. | ||||
CVE-2024-6446 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 3.5 Low |
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application. | ||||
CVE-2024-6389 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 4.3 Medium |
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions. | ||||
CVE-2016-8728 | 1 Artifex | 1 Mupdf | 2024-09-13 | 7.8 High |
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability. | ||||
CVE-2024-5435 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 4.5 Medium |
An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration. | ||||
CVE-2024-4660 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 6.5 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates. | ||||
CVE-2024-4612 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 6.4 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow. | ||||
CVE-2024-4472 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 4 Medium |
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs. | ||||
CVE-2024-2743 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 5.3 Medium |
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables. | ||||
CVE-2023-4601 | 2 Microsoft, Ni | 2 Windows, System Configuration | 2024-09-13 | 8.1 High |
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions. | ||||
CVE-2024-8640 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 8.5 High |
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server. | ||||
CVE-2024-43342 | 1 Bdthemes | 1 Ultimate Store Kit | 2024-09-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4. | ||||
CVE-2024-8641 | 1 Gitlab | 1 Gitlab | 2024-09-13 | 6.7 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim. | ||||
CVE-2024-41873 | 2024-09-13 | 5.5 Medium | ||
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-41871 | 1 Adobe | 1 Media Encoder | 2024-09-13 | 5.5 Medium |
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2016-10247 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-13 | 5.5 Medium |
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | ||||
CVE-2024-41870 | 2024-09-13 | 5.5 Medium | ||
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |