ODA Drawings SDK - All Versions < 2024.12 Security Vulnerabilities

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

CVE-2024-29175

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

CVE-2024-29175

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

CVE-2024-29176

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable...

CVE-2024-29176

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable...

Malicious code in elitebots-prevnames (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (3421b5fe5476f1e1cae544e279bf1731be45c2e887956ef9dca25d2a96dfb9e2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in elitebots-prevnames-discord (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (00d02d432c34e4cd053181ee1c3bd8e84aab59e198dacbfcfb8c88f184188c5c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

CVE-2024-5173

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5173

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5173 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5173 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

[SECURITY] Fedora 39 Update: python-dns-2.6.1-1.fc39

dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0. dnspython provides both high and low level access to DNS. The high level classes perform queries for data.....

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details ** CVEID: CVE-2024-31883 DESCRIPTION: **IBM Security Verify Access, under certain configurations, could allow an...

CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...

CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-29954

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...

CVE-2024-29954

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Amazon Linux 2 : unbound (ALASUNBOUND-1.17-2024-002)

The version of unbound installed on the remote host is prior to 1.17.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-1.17-2024-002 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound...

SolarWinds Platform 2024.1 SR1 - Race Condition Expoit

...

Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability

Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...

ThroughTek P2P SDK Cleartext Transmission of Sensitive Information (CVE-2021-32934)

ThroughTek supplies multiple original equipment manufacturers of IP cameras & recorders with P2P connections as part of its cloud platform. Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds. This plugin only...

CVE-2024-23765

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes an unidentified service on port 7412 on the network. All the network services of the gateway become unresponsive after sending 85 requests to this port. The content and length of the frame does not matter. The.....

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2199-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2199-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) Tenable has extracted the preceding.....

SolarWinds Platform 2024.1 SR1 Race Condition

...

Hanwha Vision NVR Buffer Overflow (CVE-2019-12223)

The NVR can be rebooted via external attack continuously if it can be access via the public network. During the time, video transmission and recording will not be operated. Also, Exploiting the vulnerability is trivial and requires very low skill level. The listed NVR is vulnerable to allow...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6)

The version of AOS installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6 advisory. There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and...

Debian dla-3844 : git - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3844 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3844-1 [email protected] ...

SolarWinds Platform 2024.1 SR1 - Race Condition

...

RHEL 8 / 9 : Red Hat Ceph Storage 5.3 (RHSA-2024:4118)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4118 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...

Fedora: Security Advisory for python-dns (FEDORA-2024-3b4c7849ab)

The remote host is missing an update for...

ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access...

Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities

Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress...

AMD Processors February 2024 Security Updates

AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

Atlassian Jira < 9.4.21 / 9.12.x < 9.12.8 / 9.15.x < 9.16.0 (JRASERVER-77713)

The version of Atlassian Jira Server running on the remote host is affected by a vulnerability as referenced in the JRASERVER-77713 advisory. This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information...