PT-2024-35280 · Bueno Labs Pvt. · Xpresslane Fast Checkout
Name of the Vulnerable Software and Affected Versions: Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout versions 1.0.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in Xpresslane Fast Checkout. Recommendations: For versions 1.0.0 an...
Malicious code in seller-webchat-utils (npm)
Source: ghsa-malware (024c0618a42ed68bfdd63a4e68af72dfe7cdcb55d521bc3b167770c757388465). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rich-text-slate-rc (npm)
Source: ghsa-malware (1974a05b4def032650d8412ad77b9ee7b6e530942c4a3ccb90e9c07d5b58830a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-29311
Name of the Vulnerable Software and Affected Versions: tsMuxer version nightly-2024-05-10-02-00-45 Description: A heap-based buffer overflow in tsMuxer allows attackers to cause Denial of Service (DoS) via a crafted MKV video file. This issue is related to a problem with heap-based buffer overflow,...
Medium: ecs-service-connect-agent
Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...
PT-2024-28835 · Cybele · Thinfinity Workspace
Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113 Description: The issue concerns a hardcoded cryptographic key used for encryption. This key is embedded in the software, potentially allowing unauthorized access or exploitation...
SUSE CVE-2024-51988
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
PT-2024-8816 · Intel · Intel Acat
Name of the Vulnerable Software and Affected Versions: Intel(R) ACAT software versions prior to 3.11.0 Description: The issue is related to an uncontrolled search path in the Intel Assistive Context-Aware Toolkit (ACAT) for Windows, which may allow an authenticated user to potentially enable escalati...
DEBIAN-CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...
UBUNTU-CVE-2024-51487
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
UBUNTU-CVE-2024-51484
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to...
UBUNTU-CVE-2024-51486
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...
CVE-2024-51993 Password is stored in clear in the database in Combodo iTop
Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...
DEBIAN-CVE-2024-50345
symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...
DEBIAN-CVE-2024-50342
symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...
UBUNTU-CVE-2024-50340
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the register_argv_argc PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by...
DEBIAN-CVE-2024-51755
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...
PYSEC-2024-275
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...
UBUNTU-CVE-2024-51988
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
UBUNTU-CVE-2024-51754
Twig is a template language for PHP. In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...