| Page(s) : 1 ... 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 [1526] 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 ... | Result(s) : 329442 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 7.5 | 2024-12-12 | CVE-2024-54115 | cve | Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. |
| 7.5 | 2024-12-12 | CVE-2024-54116 | cve | Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| 7.5 | 2024-12-12 | CVE-2024-54117 | cve | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| N/A | 2024-12-12 | CVE-2024-8179 | cve | An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to X... |
| N/A | 2024-12-12 | CVE-2024-8233 | cve | An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of servi... |
| N/A | 2024-12-12 | CVE-2024-8647 | cve | An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to lea... |
| N/A | 2024-12-12 | CVE-2024-9367 | cve | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause unc... |
| N/A | 2024-12-12 | CVE-2024-9387 | cve | An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open... |
| 4.4 | 2024-12-12 | CVE-2024-12271 | cve | The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insuffici... |
| N/A | 2024-12-12 | CVE-2024-28142 | cve | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/us... |
| N/A | 2024-12-12 | CVE-2024-36494 | cve | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin... |
| N/A | 2024-12-12 | CVE-2024-36498 | cve | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" fu... |
| N/A | 2024-12-12 | CVE-2024-47947 | cve | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" fu... |
| N/A | 2024-12-12 | CVE-2024-54118 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| 7.5 | 2024-12-12 | CVE-2024-54119 | cve | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| 4.7 | 2024-12-12 | CVE-2024-54122 | cve | Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. |
| N/A | 2024-12-12 | CVE-2024-28143 | cve | The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to... |
| N/A | 2024-12-12 | CVE-2024-28144 | cve | An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users ... |
| N/A | 2024-12-12 | CVE-2024-28145 | cve | An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table... |
| N/A | 2024-12-12 | CVE-2024-28146 | cve | The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connect... |
| Page(s) : 1 ... 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 [1526] 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 ... | Result(s) : 329442 |
