Search CVE reports


Toggle filters

71 – 80 of 37910 results

Status is adjusted based on your filters.


CVE-2024-47761

Medium priority
Needs evaluation

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges....

1 affected package

glpi

Package 16.04 LTS
glpi Needs evaluation
Show less packages

CVE-2024-47760

Medium priority
Needs evaluation

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17...

1 affected package

glpi

Package 16.04 LTS
glpi Needs evaluation
Show less packages

CVE-2024-47758

Medium priority
Needs evaluation

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges....

1 affected package

glpi

Package 16.04 LTS
glpi Needs evaluation
Show less packages

CVE-2024-11053

Low priority
Needs evaluation

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the...

1 affected package

curl

Package 16.04 LTS
curl Needs evaluation
Show less packages

CVE-2024-54133

Medium priority
Needs evaluation

Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to...

1 affected package

rails

Package 16.04 LTS
rails Needs evaluation
Show less packages

CVE-2024-46657

Medium priority
Needs evaluation

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

1 affected package

mupdf

Package 16.04 LTS
mupdf Needs evaluation
Show less packages

CVE-2024-54152

Medium priority
Needs evaluation

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the...

1 affected package

angular.js

Package 16.04 LTS
angular.js Needs evaluation
Show less packages

CVE-2024-55638

Medium priority
Needs evaluation

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.

1 affected package

drupal7

Package 16.04 LTS
drupal7 Needs evaluation
Show less packages

CVE-2024-55637

Medium priority
Needs evaluation

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

1 affected package

drupal7

Package 16.04 LTS
drupal7 Needs evaluation
Show less packages

CVE-2024-55636

Medium priority
Needs evaluation

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

1 affected package

drupal7

Package 16.04 LTS
drupal7 Needs evaluation
Show less packages