Gitlab Community Edition And Gitlab Enterprise Edition 8.7.0 Through 8.15.7, 8.16.0 Through 8.16.7, 8.17.0 Through 8.17.3 Security Vulnerabilities
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: temporal-ui-server, supercronic, logstash-exporter, prometheus-alertmanager, direnv, doppler-kubernetes-operator, kuberay-operator, grype, k8sgpt-operator, cloud-sql-proxy, kubeflow-katib, mongo-tools, ip-masq-agent, golangci-lint, kubernetes, k3s, go-bindata,...
7.9AI Score
0.0004EPSS
GHSA-4G9R-VXHX-9PGX vulnerabilities
Vulnerabilities for packages: gradle, wavefront-proxy, neo4j, trino, jenkins, opensearch, dependency-track,...
7.5AI Score
5.3CVSS
5.5AI Score
0.001EPSS
6.7AI Score
EPSS
6.7AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: logstash-exporter, gostatsd, grafana-rollout-operator, prometheus-alertmanager, direnv, flux-source-controller, policy-controller, tfsec, mongo-tools, ipfs, ip-masq-agent, harbor-registry, zot, golangci-lint, kubernetes, stern, glab, go-bindata, cortex, delve, go,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: logstash-exporter, direnv, dagdotdev, cloud-sql-proxy, mongo-tools, ip-masq-agent, stern, swagger, hivemind, kubescape, pluto, cni-plugins, clusterctl, nri-discovery-kubernetes, sbom-scorecard, node-problem-detector, syft, prometheus-statsd-exporter, trivy,...
7.5AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: filebeat, dagger, istio-pilot-discovery, zarf, istio-pilot-agent, policy-controller, telegraf, skaffold, flux-helm-controller, kubeflow-katib, zot, k3s, helm-operator, vexctl, traefik, kargo, tekton-pipelines, timoni, gitsign, aactl, tekton-chains, kubescape,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: temporal-ui-server, supercronic, logstash-exporter, prometheus-alertmanager, direnv, doppler-kubernetes-operator, kuberay-operator, grype, k8sgpt-operator, cloud-sql-proxy, kubeflow-katib, mongo-tools, ip-masq-agent, golangci-lint, kubernetes, k3s, go-bindata,...
6AI Score
0.0004EPSS
7.5AI Score
5.5CVSS
5.6AI Score
0.0004EPSS
7.8AI Score
0.0004EPSS
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4CVSS
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5CVSS
EPSS
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4CVSS
EPSS
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4CVSS
EPSS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3CVSS
EPSS
7.8CVSS
EPSS
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1CVSS
EPSS
CVE-2024-6375 Missing authorization check may lead to shard key refinement
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4CVSS
7AI Score
EPSS
CVE-2024-6375 Missing authorization check may lead to shard key refinement
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4CVSS
EPSS
CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5CVSS
EPSS
CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5CVSS
7AI Score
EPSS
CVE-2024-23373 Use After Free in Graphics
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4CVSS
7.4AI Score
EPSS
CVE-2024-23373 Use After Free in Graphics
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4CVSS
EPSS
CVE-2024-23372 Integer Overflow or Wraparound in Graphics
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4CVSS
7.5AI Score
EPSS
CVE-2024-23372 Integer Overflow or Wraparound in Graphics
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4CVSS
EPSS
Memory corruption when allocating and accessing an entry in an SMEM...
7.8CVSS
EPSS
Memory corruption when allocating and accessing an entry in an SMEM...
7.8CVSS
7.4AI Score
EPSS
CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3CVSS
7.4AI Score
EPSS
CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3CVSS
EPSS
CVE-2024-21460 Use of Insufficiently Random Values in Core
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1CVSS
EPSS
CVE-2024-21460 Use of Insufficiently Random Values in Core
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1CVSS
7AI Score
EPSS
Software: xdg-utils 1.1.3 OS: ROSA-CHROME package_evr_string: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially...
6.5CVSS
6.7AI Score
0.002EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
7.1AI Score
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
EPSS
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 package_evr_string: openssh-8.0p1 CVE-ID: CVE-2019-16905 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: OpenSSH, when compiled with an experimental key type, has an integer overflow before authentication if the client or server is configured to use a...
7.8CVSS
7.6AI Score
0.004EPSS
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
EPSS
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 package_evr_string: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert() function....
9.8CVSS
7.5AI Score
0.028EPSS
romo.com Cross Site Scripting vulnerability OBB-3939839
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dorsetthotels.com Cross Site Scripting vulnerability OBB-3939838
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...
8.1CVSS
8AI Score
EPSS
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters...
9.1CVSS
9.2AI Score
EPSS
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters...
9.1CVSS
EPSS
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly...
8.8CVSS
8.6AI Score
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.3AI Score
EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.3AI Score
EPSS
dyseno.com Cross Site Scripting vulnerability OBB-3939837
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score