Export limit exceeded: 10568 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48491 | 1 Huawei | 1 Emui | 2024-12-17 | 5.3 Medium |
| Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time. | ||||
| CVE-2022-48495 | 1 Huawei | 1 Emui | 2024-12-17 | 5.3 Medium |
| Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained. | ||||
| CVE-2024-55579 | 2024-12-17 | 8.8 High | ||
| An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15. | ||||
| CVE-2024-21987 | 1 Netapp | 1 Snapcenter | 2024-12-16 | 5.4 Medium |
| SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings | ||||
| CVE-2022-48488 | 1 Huawei | 1 Emui | 2024-12-16 | 5.3 Medium |
| Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop. | ||||
| CVE-2023-51380 | 1 Github | 1 Enterprise Server | 2024-12-16 | 2.7 Low |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | ||||
| CVE-2023-51379 | 1 Github | 1 Enterprise Server | 2024-12-16 | 4.9 Medium |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | ||||
| CVE-2024-0038 | 1 Google | 1 Android | 2024-12-16 | 7.8 High |
| In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31134 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.5 Medium |
| In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | ||||
| CVE-2024-36365 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.8 Medium |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent | ||||
| CVE-2024-36364 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.5 Medium |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible | ||||
| CVE-2024-28174 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 5.8 Medium |
| In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly | ||||
| CVE-2024-28230 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | 6.5 Medium |
| In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | ||||
| CVE-2024-0017 | 1 Google | 1 Android | 2024-12-16 | 5.5 Medium |
| In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-40105 | 1 Google | 1 Android | 2024-12-13 | 5.5 Medium |
| In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40113 | 1 Google | 1 Android | 2024-12-13 | 5.5 Medium |
| In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-1949 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Directory Server and 1 more | 2024-12-13 | 7.5 High |
| An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | ||||
| CVE-2024-5258 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.4 Medium |
| An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic. | ||||
| CVE-2024-5318 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts. | ||||
| CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | ||||