CVE-2024-47579
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows th...
CVE-2024-53281
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Network WOL functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct...
CVE-2024-53285
The CVE-2024-53285 flaw affects Synology Router Manager (SRM) versions prior to 1.3.1-9346-10, specifically within the DDNS Record component. The root cause is improper neutralization of input during web page generation, enabling Cross-site Scripting (XSS) by an administrator with full rights. Im...
CVE-2024-53285
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in DDNS Record functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitiv...
Drugs.com: 2FA Bypass leads to impersonation of legitimate users
The authentication system contained a logic flaw that allowed an attacker to impersonate a legitimate user who had not yet registered. By abusing the email change functionality and bypassing two-factor authentication, the attacker could retain access to the account until the legitimate user reset...
CVE-2024-10716
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search...
CVE-2024-12232 code-projects Simple CRUD Functionality index.php cross site scripting
A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The...
CVE-2024-12232
CVE-2024-12232 affects Code-Projects Simple CRUD Functionality 1.0. The vulnerability occurs in an unknown code path of /index.php, where manipulation of the parameters newtitle and newdescr leads to cross-site scripting (XSS). It is described as exploitable remotely with the exploit publicly di...
CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
PT-2024-36005 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.2.9 Description: The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the...
Restore to oVirt KVM VM Post-Restore Recommended Actions
Purpose This article documents recommended post-restore actions that should be taken after restoring VMs, physical machines, and cloud machines to the oVirt KVM hypervisor. Solution Starting in the oVirt KVM Plug-In included with Veeam Backup & Replication 12.3, a feature has been added that allo...
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery
Impact A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection SSTI can be exploited to perform Git config injection. The vulnerability allows an attacker to capture privileged git tokens used by the Backstage Scaffolder plugin. With these...
CVE-2024-42333
CVE-2024-42333 is confirmed in multiple advisories as a memory leak caused by an out-of-bounds read in zabbix server code (src/libs/zbxmedia/email.c). The vulnerability affects Zabbix deployments and has been addressed in multiple distributions: Fedora 40 update to zabbix 6.0.36; Debian bullseye ...
CVE-2024-53102
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-7236 AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2024-8805
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within...
CVE-2024-7236
CVE-2024-7236 affects AVG AntiVirus Free (icarus). The vulnerability is in the AVG Installer: an attacker who can run low-privilege code locally can abuse the updater by creating a symbolic link to create a file, enabling a persistent DoS condition. This is a local-privilege, file-creation DoS ve...