| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6. |
| Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. |
| Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute for the multiselectbox field, the default value, number of rows, and columns attributes for the text field, and the default value, size, and max characters attributes for the string field configurations are lost when added as criteria in a saved report. Additionally, in Tuleap Community Edition versions 16.4.99.1739806825 to 16.4.99.1739877910, this issue could be exploited to prevent access to tracker data by triggering a crash. This vulnerability has been fixed in Tuleap Community Edition 16.4.99.1739877910 and Tuleap Enterprise Edition 16.3-9 and 16.4-4. |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740067916 and Tuleap Enterprise Edition 16.4-5 and 16.3-10. |
| Secure Boot Security Feature Bypass Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Access Denial of Service Vulnerability |
| Windows OLE Remote Code Execution Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Teams Information Disclosure Vulnerability |
| Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability |
| AV1 Video Extension Remote Code Execution Vulnerability |
| AV1 Video Extension Remote Code Execution Vulnerability |
| Visual Studio Code Spoofing Vulnerability |
| Microsoft Word Security Feature Bypass Vulnerability |
| Windows MSHTML Platform Security Feature Bypass Vulnerability |
| Microsoft SharePoint Server Information Disclosure Vulnerability |
