Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2022-31668 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. | 7.7 |
| 2024-11-14 | CVE-2022-31669 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. | 7.7 |
| 2024-11-14 | CVE-2022-31670 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. | 7.7 |
| 2024-11-14 | CVE-2022-31671 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. | 7.4 |
| 2024-11-14 | CVE-2024-45670 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 8.1 |
| 2024-11-14 | CVE-2024-9693 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations. | 8.8 |
| 2024-11-13 | CVE-2023-35659 | Unspecified vulnerability in Google Android In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. | 7.8 |
| 2024-11-13 | CVE-2023-35686 | Unspecified vulnerability in Google Android In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. | 7.8 |
| 2024-11-13 | CVE-2024-23715 | Out-of-bounds Write vulnerability in Google Android In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. | 7.8 |
| 2024-11-13 | CVE-2024-31337 | Unspecified vulnerability in Google Android In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. | 7.8 |