Latest CVE Feed
-
6.4
MEDIUMCVE-2022-31667
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and... Read more
Affected Products : harbor- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
7.7
HIGHCVE-2022-31668
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could mod... Read more
Affected Products : harbor- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
7.7
HIGHCVE-2022-31670
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker cou... Read more
Affected Products : harbor- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
7.7
HIGHCVE-2022-31669
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attack... Read more
Affected Products : harbor- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
9.8
CRITICALCVE-2024-52306
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.... Read more
Affected Products : filemanager- Published: Nov. 13, 2024
- Modified: Nov. 19, 2024
-
10.0
CRITICALCVE-2022-1884
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` t... Read more
- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
9.8
CRITICALCVE-2023-0109
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is acces... Read more
Affected Products : memos- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
6.5
MEDIUMCVE-2023-0737
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.... Read more
Affected Products : wallabag- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
7.8
HIGHCVE-2024-43530
Windows Update Stack Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.1
HIGHCVE-2024-43598
LightGBM Remote Code Execution Vulnerability... Read more
Affected Products : lightgbm- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
9.9
CRITICALCVE-2024-43602
Azure CycleCloud Remote Code Execution Vulnerability... Read more
Affected Products : azure_cyclecloud- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGHCVE-2024-43624
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.8
HIGHCVE-2024-43626
Windows Telephony Service Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.8
HIGHCVE-2024-50159
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() Clang static checker(scan-build) throws below warning: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2... Read more
Affected Products : linux_kernel- Published: Nov. 07, 2024
- Modified: Nov. 19, 2024
-
5.5
MEDIUMCVE-2024-50152
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea() Clang static checker(scan-build) warning: fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfree(e... Read more
Affected Products : linux_kernel- Published: Nov. 07, 2024
- Modified: Nov. 19, 2024
-
7.8
HIGHCVE-2024-43630
Windows Kernel Elevation of Privilege Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
7.8
HIGHCVE-2024-49051
Microsoft PC Manager Elevation of Privilege Vulnerability... Read more
Affected Products : pc_manager- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
7.8
HIGHCVE-2024-43631
Windows Secure Kernel Mode Elevation of Privilege Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
6.5
MEDIUM- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
6.8
MEDIUMCVE-2024-43634
Windows USB Video Class System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024