Total
2270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31644 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | N/A | 7.8 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
| CVE-2022-31646 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | N/A | 7.8 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
| CVE-2023-4617 | 2024-12-19 | N/A | 10.0 CRITICAL | ||
| Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9. | |||||
| CVE-2018-9374 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
| In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-54662 | 2024-12-18 | N/A | 9.1 CRITICAL | ||
| Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod. | |||||
| CVE-2023-21270 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
| In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-21987 | 1 Netapp | 1 Snapcenter | 2024-12-16 | N/A | 5.4 MEDIUM |
| SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings | |||||
| CVE-2022-48488 | 1 Huawei | 1 Emui | 2024-12-16 | N/A | 5.3 MEDIUM |
| Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop. | |||||
| CVE-2023-51380 | 1 Github | 1 Enterprise Server | 2024-12-16 | N/A | 2.7 LOW |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-51379 | 1 Github | 1 Enterprise Server | 2024-12-16 | N/A | 4.9 MEDIUM |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2024-36365 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 6.8 MEDIUM |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent | |||||
| CVE-2024-36364 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible | |||||
| CVE-2024-0017 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
| In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-5258 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 4.4 MEDIUM |
| An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic. | |||||
| CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | |||||
| CVE-2024-8970 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 8.2 HIGH |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | |||||
| CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | N/A | 3.8 LOW |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | |||||
| CVE-2024-11669 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | |||||
| CVE-2024-44217 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-12 | N/A | 9.1 CRITICAL |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication. | |||||
| CVE-2024-4006 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions | |||||