Total
29099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22648 | 1 Suse | 1 Rancher | 2024-10-09 | 8 High |
| A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | ||||
| CVE-2023-22647 | 1 Suse | 1 Rancher | 2024-10-09 | 9.9 Critical |
| An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | ||||
| CVE-2024-29054 | 1 Microsoft | 1 Defender For Iot | 2024-10-09 | 7.2 High |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2024-29055 | 1 Microsoft | 1 Defender For Iot | 2024-10-09 | 7.2 High |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2024-43461 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-10-09 | 8.8 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-10-08 | 5.3 Medium |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | ||||
| CVE-2024-4278 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 5.5 Medium |
| An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. | ||||
| CVE-2023-2485 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 4.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. | ||||
| CVE-2023-1825 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 3.1 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. | ||||
| CVE-2023-1401 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 5 Medium |
| An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. | ||||
| CVE-2023-39743 | 1 Pete4abw | 1 Lzma Software Development Kit | 2024-10-08 | 5.3 Medium |
| lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. | ||||
| CVE-2023-3906 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 3.5 Low |
| An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy. | ||||
| CVE-2023-3907 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 4.9 Medium |
| A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner | ||||
| CVE-2023-32488 | 1 Dell | 1 Powerscale Onefs | 2024-10-08 | 5.3 Medium |
| Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-32489 | 1 Dell | 1 Powerscale Onefs | 2024-10-08 | 6.7 Medium |
| Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | ||||
| CVE-2023-32493 | 1 Dell | 1 Powerscale Onefs | 2024-10-08 | 7.3 High |
| Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. | ||||
| CVE-2021-43948 | 1 Atlassian | 1 Jira Service Management | 2024-10-08 | 4.3 Medium |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0. | ||||
| CVE-2024-38070 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-08 | 7.8 High |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | ||||
| CVE-2024-38058 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-08 | 6.8 Medium |
| BitLocker Security Feature Bypass Vulnerability | ||||
| CVE-2024-38112 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2024-10-08 | 7.5 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||