Search CVE reports



1 – 10 of 21693 results

Status is adjusted based on your filters.


CVE-2024-21543

Medium priority
Needs evaluation

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with...

1 affected package

djoser

Package 24.04 LTS
djoser Needs evaluation

CVE-2024-12455

Medium priority
Not affected

[powerpc: getrandom() returns EINVAL as retcode instead of errno]

2 affected packages

eglibc, glibc

Package 24.04 LTS
eglibc Not in release
glibc Not affected

CVE-2024-9387

Medium priority

Not in release

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2024-9367

Medium priority

Not in release

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a...

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2024-8647

Medium priority

Not in release

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self-hosted installs, it was possible to leak the anti-CSRF-token to an external site while the...

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2024-8233

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2024-8179

Medium priority

Not in release

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.

1 affected package

gitlab

Package 24.04 LTS
gitlab Not in release

CVE-2024-50339

Medium priority

Not in release

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17...

1 affected package

glpi

Package 24.04 LTS
glpi Not in release

CVE-2024-48912

Medium priority

Not in release

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch...

1 affected package

glpi

Package 24.04 LTS
glpi Not in release

CVE-2024-47835

Medium priority
Needs evaluation

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find...

2 affected packages

gst-plugins-base0.10, gst-plugins-base1.0

Package 24.04 LTS
gst-plugins-base0.10 Not in release
gst-plugins-base1.0 Needs evaluation