Security Vulnerabilities - CVEs Published In July 2024
In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-07-25
In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.
CVSS Score: 2.2 | EPSS Score: 0.001 | Published: 2024-07-25
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2024-07-25
A cross-site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the currently logged-in user.
CVSS Score: 7.7 | EPSS Score: 0.001 | Published: 2024-07-25
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.
CVSS Score: 4.1 | EPSS Score: 0.001 | Published: 2024-07-24
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
CVSS Score: 2.7 | EPSS Score: 0.001 | Published: 2024-07-24
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2024-07-24
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
CVSS Score: 2.6 | EPSS Score: 0.0 | Published: 2024-07-24
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-07-24
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-07-24

