Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6446 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.5 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application. | |||||
| CVE-2024-39671 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.3 CRITICAL |
| Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-1456 | 2024-11-21 | N/A | 7.1 HIGH | ||
| An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover. | |||||
| CVE-2023-7271 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.5 MEDIUM |
| Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-6832 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-6566 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.5 MEDIUM |
| Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-6514 | 1 Huawei | 2 Ajmd-370s, Ajmd-370s Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. Successful exploitation of this vulnerability may allow attackers to access restricted functions. | |||||
| CVE-2023-6017 | 1 H2o | 1 H2o | 2024-11-21 | N/A | 7.1 HIGH |
| H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. | |||||
| CVE-2023-4304 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 3.8 LOW |
| Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0. | |||||
| CVE-2023-3229 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | N/A | 6.5 MEDIUM |
| Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | |||||
| CVE-2023-3228 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | N/A | 5.7 MEDIUM |
| Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | |||||
| CVE-2023-29294 | 1 Adobe | 2 Commerce, Magento | 2024-11-21 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-1887 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
| CVE-2023-1542 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.4 MEDIUM |
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1541 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 3.8 LOW |
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-0565 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 5.5 MEDIUM |
| Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2022-4719 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
| CVE-2022-27782 | 3 Debian, Haxx, Splunk | 3 Debian Linux, Curl, Universal Forwarder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | |||||
| CVE-2022-1848 | 1 Erudika | 1 Para | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. | |||||
| CVE-2022-1155 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
| Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. | |||||