Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-47123 | Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. | 3.1 |
| 2024-09-26 | CVE-2024-47127 | Improper Authentication vulnerability in Gotenna PRO In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. | 3.1 |
| 2024-09-26 | CVE-2024-4278 | Unspecified vulnerability in Gitlab An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. | 2.7 |
| 2024-09-26 | CVE-2024-0133 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. | 3.4 |
| 2024-09-26 | CVE-2023-52947 | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. | 3.3 |
| 2024-09-25 | CVE-2024-8350 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. | 2.7 |
| 2024-09-23 | CVE-2024-8263 | Unspecified vulnerability in Github Enterprise Server An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. | 2.7 |
| 2024-09-18 | CVE-2024-46792 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory raw_copy_{to,from}_user() do not call access_ok(), so this code allowed userspace to access any virtual memory address. | 3.3 |
| 2024-09-18 | CVE-2024-46794 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM. This variable is only needed as an output value. | 3.3 |
| 2024-09-17 | CVE-2024-40791 | Information Exposure Through Log Files vulnerability in Apple Macos A privacy issue was addressed with improved private data redaction for log entries. | 3.3 |