5.7
CVE-2024-4597 - Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.
8.3
CVE-2024-3727 - Containers/image: digest type does not guarantee valid type
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
7.5
CVE-2024-30172 - org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
6.5
CVE-2024-3744 - Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokβ¦
A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when β¦
3.1
CVE-2024-4317 - PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otheβ¦
7.5
CVE-2024-33655 - unbound: DNSBomb vulnerability
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka tβ¦
6.3
CVE-2024-27793 -
The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.
8.8
CVE-2024-34196 -
Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI functionβ¦
9.1
CVE-2024-26517 -
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.
8.8
CVE-2024-34308 -
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.