Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8641 | 1 Gitlab | 1 Gitlab | 2024-09-18 | N/A | 8.8 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim. | |||||
CVE-2024-37294 | 2024-06-13 | N/A | 5.5 MEDIUM | ||
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch. | |||||
CVE-2020-1719 | 1 Redhat | 1 Wildfly | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected. | |||||
CVE-2019-14819 | 1 Redhat | 1 Openshift Container Platform | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints. |