Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-5067 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
network
low complexity
gitlab
4.9
2024-07-24 CVE-2024-7060 Unspecified vulnerability in Gitlab
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
network
low complexity
gitlab
6.5
2024-07-24 CVE-2024-7091 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.
network
low complexity
gitlab
5.0
2024-07-24 CVE-2024-37533 Privacy Violation vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine.
low complexity
ibm CWE-359
4.6
2024-07-24 CVE-2024-22444 Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.2.0/9.2.5/9.3.0
A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
arubanetworks CWE-79
6.1
2024-07-24 CVE-2024-40575 Unspecified vulnerability in Huawei Opengauss 7.3.0
An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes.
local
low complexity
huawei
5.5
2024-07-24 CVE-2024-7079 Missing Authentication for Critical Function vulnerability in Redhat Openshift Container Platform 3.11/4.0
A flaw was found in the OpenShift console.
network
low complexity
redhat CWE-306
6.5
2024-07-24 CVE-2024-31971 Cross-site Scripting vulnerability in Adtran Netvanta 3120 Firmware 18.01.01.00.E
**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html.
network
low complexity
adtran CWE-79
4.8
2024-07-24 CVE-2024-7068 Cross-site Scripting vulnerability in Insurance Management System Project Insurance Management System 1.0
A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0.
4.6
2024-07-24 CVE-2024-3896 Cross-site Scripting vulnerability in Robogallery Robo Gallery
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping.
network
low complexity
robogallery CWE-79
5.4