SUSE SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2024:4360-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4360-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: -...
CVE-2024-41126 Out-of-bounds read when decoding SNMP messages in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
PT-2024-34962 · Opencart · Opencart Product Display
Name of the Vulnerable Software and Affected Versions: Ajinkya N OpenCart Product Display versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious script...
PT-2024-16857 · Sourcecodester · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the Inventory Page component, specifically in the file /oews/classes/Master.php?f=save product. The manipulation of the brand argument leads to...
PT-2024-34834 · Fraudlabs Pro · Fraudlabs Pro Sms Verification
Name of the Vulnerable Software and Affected Versions: FraudLabs Pro SMS Verification versions 1.10.1 and earlier Description: A Cross-Site Request Forgery (CSRF) issue exists in FraudLabs Pro SMS Verification, allowing Stored XSS. Recommendations: For versions 1.10.1 and earlier, update to a versi...
PT-2024-34254 · Unknown · Swoop 1-Click Login: Passwordless Authentication
Name of the Vulnerable Software and Affected Versions: Swoop 1-Click Login: Passwordless Authentication version 1.4.5 Description: The issue is related to an Authentication Bypass by Primary Weakness vulnerability in the Passwordless Authentication feature. This vulnerability allows for...
PT-2024-6441
Name of the Vulnerable Software and Affected Versions: CUPS versions 2.x; cups-filters versions up to 2.0.1 Description: The issue is related to the FoomaticRIPCommandLine function in the CUPS printing system, which allows remote command execution via a PPD file. This can be exploited when combined...
PT-2024-39409 · Stirling Tools · Stirling-Pdf
Name of the Vulnerable Software and Affected Versions: Stirling-Tools Stirling-PDF versions up to 0.28.3 Description: A vulnerability was found in the Markdown-to-PDF component of Stirling-Tools Stirling-PDF, leading to cross-site scripting. The attack can be initiated remotely, with a rather hig...
PT-2024-32092 · Enms · Enms
Name of the Vulnerable Software and Affected Versions: eNMS versions 4.4.0 through 4.7.1 Description: The issue is related to a Directory Traversal vulnerability. This vulnerability can be exploited through the upload files feature, allowing unauthorized access to sensitive files and directories...
PT-2024-37770 · WordPress · Wp Hardening – Fix Your Wordpress Security
Name of the Vulnerable Software and Affected Versions: The WP Hardening – Fix Your WordPress Security plugin versions up to, and including, 1.2.6 Description: The issue is due to the use of an incorrect regular expression within the "Stop User Enumeration" feature, making it possible for...
PT-2024-39281 · Aimhubio · Aimhubio Aim
Name of the Vulnerable Software and Affected Versions: aimhubio aim versions up to 3.24 Description: A problematic issue was found in the dangerouslySetInnerHTML function of the textbox.tsx file in the Text Explorer component. The manipulation of the query argument leads to cross-site scripting. ...
CVE-2024-39723
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...
PT-2024-28932 · Mediawiki · Mediawiki Checkuser Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.42.1 Description: The Special:Investigate feature can expose suppressed information for log events due to the TimelineService not supporting proper suppression. Recommendations: For versions...
PT-2024-3960
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05.6; JetBrains TeamCity versions prior to 2023.11.5 Description: The issue is related to a stored XSS in the Commit status publisher, which can be exploited by a remote attacker to conduct cross-site...
PT-2024-13799 · Nocodb · Nocodb
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.9 Description: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of ur...
PT-2024-24996 · WordPress · User Registration – Custom Registration Form
Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to unauthorized loss of data due to a missing capability check on the profile p...
PT-2024-7005
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to v11.0.6+security-01; Grafana versions prior to v11.1.7+security-01; Grafana versions prior to v11.2.2+security-01 Description: The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queri...
PT-2024-24343 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 1.4.0 Description: The issue concerns the scrape image function, which retrieves an image based on a user-provided URL without validating if the URL points to an external location and lacks enforced rate limiting. The...