Search CVE reports


7101 – 7110 of 60505 results


CVE-2024-10396

Medium priority
Needs evaluation

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided...

1 affected package

openafs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openafs Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-10394

Medium priority
Needs evaluation

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the...

1 affected package

openafs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openafs Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-10921

Medium priority
Needs evaluation

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation

CVE-2024-9633

Medium priority
Ignored

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to...

1 affected package

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab Not in release Not in release Not in release

CVE-2024-8648

Medium priority
Ignored

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics...

1 affected package

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab Not in release Not in release Not in release

CVE-2024-10979

Medium priority

Some fixes available 5 of 7

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if...

8 affected packages

postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-16 Fixed Not in release Not in release
postgresql-14 Not in release Fixed Not in release
postgresql-12 Not in release Not in release Fixed
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-17 Not in release Not in release Not in release

CVE-2024-10978

Medium priority

Some fixes available 5 of 7

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...

8 affected packages

postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-16 Fixed Not in release Not in release
postgresql-14 Not in release Fixed Not in release
postgresql-12 Not in release Not in release Fixed
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-17 Not in release Not in release Not in release

CVE-2024-10977

Medium priority

Some fixes available 5 of 7

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a...

8 affected packages

postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-16 Fixed Not in release Not in release
postgresql-14 Not in release Fixed Not in release
postgresql-12 Not in release Not in release Fixed
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-17 Not in release Not in release Not in release

CVE-2024-10976

Medium priority

Some fixes available 5 of 7

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID...

8 affected packages

postgresql-16, postgresql-14, postgresql-12, postgresql-10, postgresql-9.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-16 Fixed Not in release Not in release
postgresql-14 Not in release Fixed Not in release
postgresql-12 Not in release Not in release Fixed
postgresql-10 Not in release Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release
postgresql-17 Not in release Not in release Not in release

CVE-2024-3447

Medium priority

Some fixes available 4 of 9

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Needs evaluation Needs evaluation