
2026 matches found

Vulnrichment
added 2024/12/06 9:56 p.m. · 12 views

CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

6.9 CVSS · 6.1 AI score · 0.00361 EPSS
Exploits: 0 · References: 2

Github Security Blog
added 2024/12/03 6:40 p.m. · 25 views

Synapse's unauthenticated writes to the media repository allow planting of problematic content

Impact: Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...

5.3 CVSS · 6.9 AI score · 0.00411 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2024/12/03 6:40 p.m. · 11 views

GHSA-GJGR-7834-RHXR Synapse's unauthenticated writes to the media repository allow planting of problematic content

Impact: Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...

6.9 CVSS · 5.5 AI score · 0.00411 EPSS
Exploits: 0 · References: 5

Debian CVE
added 2024/12/03 5:6 p.m. · 18 views

CVE-2024-37303

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3 CVSS · 6.1 AI score · 0.00411 EPSS
Exploits: 0

Positive Technologies
added 2024/12/03 12:0 a.m. · 3 views

PT-2024-20703 · IBM · IBM Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1. Description: The issue allows malicious file upload by permitting unrestricted filetype attachments in the Journal entry page. Attackers can exploit this weakness to upload malicious...

9.8 CVSS · 8 AI score · 0.00269 EPSS
Exploits: 0 · References: 5

CNNVD
added 2024/11/22 12:0 a.m. · 2 views

IrfanView security vulnerability

IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. IrfanView suffers from a code execution vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current process...

7.8 CVSS · 8 AI score · 0.00394 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/22 12:0 a.m. · 2 views

IrfanView security vulnerability

IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from a use-after-free vulnerability that can be exploited by an attacker to execute code in the context of the current process...

7.8 CVSS · 7.2 AI score · 0.0044 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/18 12:0 a.m. · 2 views

Bitcoin Core security vulnerability

Bitcoin Core is a Bitcoin open source client for verifying the validity of blockchain transactions. A security vulnerability exists in Bitcoin Core versions prior to 25.0. An attacker exploiting the vulnerability could affect the download status of other peers by sending variant blocks...

5.3 CVSS · 6.5 AI score · 0.00428 EPSS
Exploits: 0 · References: 2

OSV
added 2024/11/15 8:15 p.m. · 2 views

CVE-2024-11256

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has bee...

9.8 CVSS · 5.8 AI score · 0.00671 EPSS
Exploits: 1 · References: 5

Github Security Blog
added 2024/11/15 3:41 p.m. · 19 views

LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints

Summary: The application fails to sanitise inputs properly and renders code from user input in the browser, which allows an attacker to execute malicious JavaScript code. Details: A user with the Admin role can edit the Display Name of a device; the application did not properly sanitize the user input i...

4.8 CVSS · 7.3 AI score · 0.00314 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

RedHat Linux
added 2024/11/12 9:14 a.m. · 3 views

containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

8.3 CVSS · 7.2 AI score · 0.01279 EPSS
Exploits: 0 · References: 4

CNNVD
added 2024/11/12 12:0 a.m. · 2 views

Adobe Illustrator code issue vulnerability

Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A security vulnerability exists in Adobe Illustrator, which can be exploited by attackers to cause a denial of service in the application...

5.5 CVSS · 6.5 AI score · 0.00195 EPSS
Exploits: 0 · References: 2

OSV
added 2024/11/11 3:15 p.m. · 1 views

CVE-2024-39354

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code...

7.8 CVSS · 6.3 AI score · 0.00298 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/11/11 12:0 a.m. · 3 views

D-Link DSL6740C security vulnerability

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...

9.8 CVSS · 6.9 AI score · 0.01174 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/10/31 6:31 p.m. · 18 views

CVE-2024-10573 Mpg123: buffer overflow when writing decoded pcm samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

6.7 CVSS · 8 AI score · 0.00346 EPSS
Exploits: 0 · References: 5

CNNVD
added 2024/10/28 12:0 a.m. · 3 views

Maruti Suzuki SmartPlay security vulnerability

Maruti Suzuki SmartPlay is an infotainment system from Maruti Suzuki. A security vulnerability exists in Maruti Suzuki SmartPlay version 66T0.05.50. An attacker could exploit the vulnerability to try commonly used or default usernames and passwords...

7.4 CVSS · 6.7 AI score · 0.00207 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/10/23 12:0 a.m. · 2 views

Cisco Adaptive Security Appliance security vulnerability

The Cisco Adaptive Security Appliance is a network appliance from the American company Cisco, Inc. It is used to protect corporate networks and data centers of all sizes. A security vulnerability exists in the Cisco Adaptive Security Appliance that originates from a logic error when establishing ...

5.3 CVSS · 6.5 AI score · 0.00469 EPSS
Exploits: 0 · References: 2

BDU FSTEC
added 2024/10/23 12:0 a.m. · 3 views

The vulnerability of the veth component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the veth component in the Linux operating system’s kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.1 CVSS · 6.2 AI score · 0.00209 EPSS
Exploits: 0 · References: 11 · Affected Software: 3

Microsoft CVE
added 2024/10/23 12:0 a.m. · 2 views

CVE-2024-21134

...

4.3 CVSS · 5.8 AI score · 0.00777 EPSS
Exploits: 0

CVE
added 2024/10/18 11:6 p.m. · 60 views

CVE-2024-29821

CVE-2024-29821 affects Ivanti Desktop and Server Management (DSM) prior to 2024.2. The vulnerability allows authenticated local users to execute code with elevated privileges due to insecure ACLs, via an unspecified attack vector. Public sources confirm impact is a local privilege escalation with...

7.8 CVSS · 6.8 AI score · 0.00226 EPSS
Exploits: 0 · References: 1 · Affected Software: 1