313 matches found
CVE-2020-26276
Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP. Users that configure Fleet...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
Joomla! 5.x < 5.2.3 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.20, 4.x prior to 4.4.10 or 5.x prior to 5.2.3. It is, therefore, affected by multiple vulnerabilities. - Various module chromes didn't properly process inputs, leading to XSS...
CVE-2024-11404
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3...
SUSE-SU-2024:3785-1 Security update for pcp
This update for pcp fixes the following issues: pcp was updated from version 5.2.5 to version 6.2.0 jscPED-8192, jscPED-8389: - Security issues fixed: CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user bsc1230552 CVE-2024-45769: Fixed a heap corruption...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
CVE-2024-45785
MUSASI version 3 is affected by a client-side authentication flaw (CWE-603) that can allow a user to fetch another user’s credentials and sensitive information. Multiple sources (CVE-2024-45785 entries across NVD, JVN, Red Hat, and vendor advisories) confirm the issue arises from authentication l...
JVN#31982676: MUSASI version 3 performing authentication on client-side
MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This behavior...
Moderate: gtk3 security update
The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3. Security Fixes: gtk3: gtk2: Library injection from CWD CVE-2024-6655 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
[SECURITY] Fedora 40 Update: python3.11-3.11.10-1.fc40
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
CVE-2024-45506
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...
Medium: ruby3.2
Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory address read vulnerability with Regex search CVE-2024-27282 Affected Packages: ruby3.2 Issue Correction: Run dnf update ruby3.2 --releasever 2023.5.20240819 or dnf update --advisory...
Joomla! 3.x < 3.10.16 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...
CVE-2024-37741
OpenPLC 3 through 9cd8f1b is affected by a cross-site scripting (XSS) vulnerability that can be triggered via an SVG document used as a profile picture. The issue arises from insufficient filtering/escaping of user-supplied data, enabling script execution within a victim’s browser. Affected produ...
CVE-2024-23767
An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations...
Smarty 安全漏洞
Smarty is a PHP-based template engine that helps to separate the representation HTML/CSS from the application logic. A security vulnerability exists in Smarty that stems from allowing an attacker to inject PHP code by selecting a malicious filename via extends-tag. Affected products and versions:...
traceroute security update
3:2.1.0-8 - add gating.yaml 3:2.1.0-7 - fix improper command line parsing CVE-2023-46316...
PT-2024-40514 · Contao · Contao/Core
Name of the Vulnerable Software and Affected Versions: contao/core versions 2.x prior to 2.11.17 contao/core versions 3.x prior to 3.2.9 Description: The issue is related to arbitrary code execution on the server due to insufficient input validation. Attackers can exploit this by entering a...