Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-45303 Cross-site Scripting vulnerability in Discourse Calendar 0.2
The Discourse Calendar plugin adds to Discourse the ability to create a dynamic calendar in the first post of a topic.
network
low complexity
discourse CWE-79
6.1
2024-09-12 CVE-2024-45383 Improper Control of a Resource Through its Lifetime vulnerability in Microsoft High Definition Audio BUS Driver 10.0.19041.3636
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800).
local
low complexity
microsoft CWE-664
5.0
2024-09-12 CVE-2024-4472 Information Exposure Through Log Files vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in GraphQL logs.
local
low complexity
gitlab CWE-532
5.5
2024-09-12 CVE-2024-8311 Unspecified vulnerability in Gitlab
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2, which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
network
low complexity
gitlab
6.5
2024-09-12 CVE-2020-24061 Cross-site Scripting vulnerability in Kasdanet Kw5515 Firmware 4.3.1.0
Cross-site scripting (XSS) vulnerability in the Firewall menu of the Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script.
low complexity
kasdanet CWE-79
4.3
2024-09-12 CVE-2024-41629 Cleartext Storage of Sensitive Information vulnerability in TI Fusion Digital Power Designer 7.10.1
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.
local
low complexity
ti CWE-312
5.5
2024-09-12 CVE-2024-4612 Open Redirect vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2.
network
low complexity
gitlab CWE-601
6.1
2024-09-12 CVE-2024-5435 Information Exposure Through an Error Message vulnerability in Gitlab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, and all versions starting from 17.3 before 17.3.2, which will disclose the user password from the repository mirror configuration.
network
low complexity
gitlab CWE-209
6.5
2024-09-12 CVE-2024-6389 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2.
network
low complexity
gitlab
4.3
2024-09-12 CVE-2024-8635 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.
network
low complexity
gitlab CWE-918
6.5