| 2191 | 6.1 | MEDIUM | Network | gitlab | gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability … | CWE-601 Open Redirect | CVE-2024-4283 | 2024-09-25 01:51 | 2024-09-17 |
| 2192 | 7.5 | HIGH | Network | sigstore | sigstore-go | sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bun… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2024-45395 | 2024-09-25 01:50 | 2024-09-5 |
| 2193 | 4.3 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to un… | NVD-CWE-noinfo | CVE-2024-6685 | 2024-09-25 01:48 | 2024-09-17 |
| 2194 | 6.1 | MEDIUM | Network | cern | indico | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.… | CWE-79 Cross-site Scripting | CVE-2024-45399 | 2024-09-25 01:48 | 2024-09-5 |
| 2195 | 9.8 | CRITICAL | Network | superstorefinder | super_store_finder | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/… | CWE-89 SQL Injection | CVE-2024-43978 | 2024-09-25 01:44 | 2024-09-18 |
| 2196 | 6.7 | MEDIUM | Local | qnap | qvr_smart_client | An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized c… | CWE-428 Unquoted Search Path or Element | CVE-2022-27592 | 2024-09-25 01:44 | 2024-09-7 |
| 2197 | 7.5 | HIGH | Network | draytek | vigor3910_firmware | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CWE-120 Classic Buffer Overflow | CVE-2024-46580 | 2024-09-25 01:42 | 2024-09-19 |
| 2198 | 7.5 | HIGH | Network | draytek | vigor3910_firmware | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted … | CWE-120 Classic Buffer Overflow | CVE-2024-46571 | 2024-09-25 01:42 | 2024-09-19 |
| 2199 | 7.5 | HIGH | Network | draytek | vigor3910_firmware | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CWE-120 Classic Buffer Overflow | CVE-2024-46568 | 2024-09-25 01:42 | 2024-09-19 |
| 2200 | 7.5 | HIGH | Network | draytek | vigor3910_firmware | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted… | CWE-120 Classic Buffer Overflow | CVE-2024-46567 | 2024-09-25 01:42 | 2024-09-19 |