CVE-2024-24937
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-21841
Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-24973
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2024-42671
A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities...
CVE-2024-29083
Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-27318
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service...
CVE-2023-39949
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...
CVE-2023-39945
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0,...
[SECURITY] Fedora 41 Update: zsync-0.6.2-3.fc41
zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...
[SECURITY] Fedora 42 Update: zsync-0.6.2-3.fc42
zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...
CVE-2023-24598
OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user...
CVE-2023-23932
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1...
CVE-2023-27584
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify users. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...
The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in the use of incorrect authentication tokens due to unlimited resource distribution. This allows a hacker to cause service failures.
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE stems from the use of incorrect authentication tokens due to unlimited resource distribution. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2022-42038
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
CVE-2022-38734
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service...
CVE-2022-44640
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)...
CVE-2022-28696
Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2021-29486
cumulative-distribution-function is an open source npm library which calculates the statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0, apps using this library on improper data may crash or go into an infinite loop. In the case of a nodejs...