Total
1959 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11669 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | |||||
| CVE-2024-44217 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-12 | N/A | 9.1 CRITICAL |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication. | |||||
| CVE-2024-44301 | 1 Apple | 1 Macos | 2024-12-12 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2024-4006 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions | |||||
| CVE-2024-10043 | 2024-12-12 | N/A | 3.1 LOW | ||
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. | |||||
| CVE-2023-34161 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 7.5 HIGH |
| nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-0199 | 1 Gitlab | 1 Gitlab | 2024-12-11 | N/A | 7.7 HIGH |
| An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions. | |||||
| CVE-2023-35866 | 1 Keepassxc | 1 Keepassxc | 2024-12-11 | N/A | 5.5 MEDIUM |
| In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker." | |||||
| CVE-2024-38002 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | N/A | 9.0 CRITICAL |
| The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API. | |||||
| CVE-2024-55579 | 2024-12-10 | N/A | 8.8 HIGH | ||
| An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15. | |||||
| CVE-2023-52361 | 1 Huawei | 1 Harmonyos | 2024-12-09 | N/A | 7.5 HIGH |
| The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity. | |||||
| CVE-2024-23262 | 1 Apple | 3 Ipados, Iphone Os, Visionos | 2024-12-09 | N/A | 3.3 LOW |
| This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI. | |||||
| CVE-2023-29708 | 1 Wavlink | 1 Wavrouter App | 2024-12-06 | N/A | 7.5 HIGH |
| An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload. | |||||
| CVE-2024-11680 | 1 Projectsend | 1 Projectsend | 2024-12-06 | N/A | 9.8 CRITICAL |
| ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | |||||
| CVE-2024-23255 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2024-12-06 | N/A | 2.4 LOW |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication. | |||||
| CVE-2024-12247 | 2024-12-05 | N/A | 4.6 MEDIUM | ||
| Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated. | |||||
| CVE-2023-32353 | 1 Apple | 1 Itunes | 2024-12-05 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges. | |||||
| CVE-2021-30205 | 1 Dzzoffice | 1 Dzzoffice | 2024-12-05 | N/A | 5.3 MEDIUM |
| Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | |||||
| CVE-2024-50671 | 2024-12-04 | N/A | 4.3 MEDIUM | ||
| Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users. | |||||
| CVE-2023-34148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | |||||