Search Results (364170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41836 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-12-12 5.5 Medium
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-45149 1 Adobe 3 Commerce, Commerce B2b, Magento 2024-12-12 2.7 Low
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-11828 1 Gitlab 1 Gitlab 2024-12-12 4.3 Medium
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.
CVE-2024-45119 1 Adobe 3 Commerce, Commerce B2b, Magento 2024-12-12 4.9 Medium
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
CVE-2024-45120 1 Adobe 3 Commerce, Commerce B2b, Magento 2024-12-12 3.1 Low
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.
CVE-2024-8114 1 Gitlab 1 Gitlab 2024-12-12 8.2 High
An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.
CVE-2021-26367 1 Amd 102 Athlon Gold 3150c, Athlon Gold 3150c Firmware, Athlon Gold 3150g and 99 more 2024-12-12 5.7 Medium
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
CVE-2023-20584 2 Amd, Redhat 135 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 132 more 2024-12-12 5.3 Medium
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
CVE-2023-20510 1 Amd 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more 2024-12-12 4.7 Medium
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
CVE-2024-54117 1 Huawei 1 Harmonyos 2024-12-12 6.2 Medium
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-54116 1 Huawei 1 Harmonyos 2024-12-12 4.3 Medium
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-54115 1 Huawei 1 Harmonyos 2024-12-12 4.3 Medium
Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54114 1 Huawei 1 Harmonyos 2024-12-12 4.4 Medium
Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54111 1 Huawei 1 Harmonyos 2024-12-12 5.7 Medium
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54106 1 Huawei 1 Harmonyos 2024-12-12 7.1 High
Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-2177 1 Gitlab 1 Gitlab 2024-12-12 6.8 Medium
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.
CVE-2024-54105 1 Huawei 1 Harmonyos 2024-12-12 5.1 Medium
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54104 1 Huawei 1 Harmonyos 2024-12-12 6.2 Medium
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-39599 1 Cszcms 1 Csz Cms 2024-12-12 5.4 Medium
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
CVE-2023-3441 1 Gitlab 1 Gitlab 2024-12-12 6.6 Medium
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.