Total: 12 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-9633 | 1 Gitlab | 1 Gitlab | 2024-11-14 | 3.1 Low |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks. | ||||
CVE-2023-29122 | 1 Enel X | 1 Juicebox Pro3.0 22kw Cellular | 2024-11-06 | 6.7 Medium |
Under certain conditions, access to service libraries is granted to accounts that should not have access to them. | ||||
CVE-2023-4008 | 1 Gitlab | 1 Gitlab | 2024-10-03 | 5.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random string added was known. | ||||
CVE-2023-41881 | 1 Vantage6 | 1 Vantage6 | 2024-09-17 | 3.7 Low |
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds. | ||||
CVE-2022-22189 | 1 Juniper | 1 Contrail Service Orchestration | 2024-09-16 | 7.3 High |
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0. | ||||
CVE-2024-41773 | 1 Ibm | 1 Global Configuration Management | 2024-08-26 | 6.5 Medium |
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. | ||||
CVE-2021-32726 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-03 | 7.1 High |
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, webauthn tokens were not deleted after a user had been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | ||||
CVE-2021-32689 | 1 Nextcloud | 1 Talk | 2024-08-03 | 8.1 High |
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don't allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so. | ||||
CVE-2021-26248 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-08-03 | 6.2 Medium |
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource. | ||||
CVE-2022-33737 | 1 Openvpn | 1 Openvpn Access Server | 2024-08-03 | 7.5 High |
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a randomly generated admin password. | ||||
CVE-2023-20044 | 1 Cisco | 1 Cx Cloud Agent | 2024-08-02 | 6.7 Medium |
A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device. | ||||
CVE-2023-20043 | 1 Cisco | 1 Cx Cloud Agent | 2024-08-02 | 6.7 Medium |
A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device. |