Search CVE reports
71 – 80 of 37910 results
CVE-2024-47761
Medium priorityGLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges....
1 affected package
glpi
Package | 16.04 LTS |
---|---|
glpi | Needs evaluation |
CVE-2024-47760
Medium priorityGLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17...
1 affected package
glpi
Package | 16.04 LTS |
---|---|
glpi | Needs evaluation |
CVE-2024-47758
Medium priorityGLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges....
1 affected package
glpi
Package | 16.04 LTS |
---|---|
glpi | Needs evaluation |
CVE-2024-11053
Low priorityWhen asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the...
1 affected package
curl
Package | 16.04 LTS |
---|---|
curl | Needs evaluation |
CVE-2024-54133
Medium priorityAction Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to...
1 affected package
rails
Package | 16.04 LTS |
---|---|
rails | Needs evaluation |
CVE-2024-46657
Medium priorityArtifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
1 affected package
mupdf
Package | 16.04 LTS |
---|---|
mupdf | Needs evaluation |
CVE-2024-54152
Medium priorityAngular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the...
1 affected package
angular.js
Package | 16.04 LTS |
---|---|
angular.js | Needs evaluation |
CVE-2024-55638
Medium priorityDeserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.
1 affected package
drupal7
Package | 16.04 LTS |
---|---|
drupal7 | Needs evaluation |
CVE-2024-55637
Medium priorityDeserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
1 affected package
drupal7
Package | 16.04 LTS |
---|---|
drupal7 | Needs evaluation |
CVE-2024-55636
Medium priorityDeserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
1 affected package
drupal7
Package | 16.04 LTS |
---|---|
drupal7 | Needs evaluation |