CVE-2024-11619
The CVE-2024-11619 issue affects macrozheng mall up to version 1.0.3, specifically the JWT Token Handler component. Root cause: use of a default cryptographic key, which can compromise confidentiality/integrity if exploited. Exploitation complexity is described as high and exploitation is difficu...
GHSA-8W49-H785-MJ3C Tornado has an HTTP cookie parsing DoS vulnerability
The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. See...
AZL-53624 CVE-2024-52804 affecting package python-tornado 6.2.0-1
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
AZL-53522 CVE-2024-52804 affecting package python-tornado 6.3.3-11
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
CVE-2024-52804 Tornado has HTTP cookie parsing DoS vulnerability
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
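The four Tornado entries above (GHSA-8W49-H785-MJ3C, the two AZL packages and CVE-2024-52804) describe one problem: cookie parsing that is quadratic in the header length and runs on the event-loop thread, so one crafted Cookie header stalls every other request. The Python below is an added example, not Tornado's code. It contrasts a deliberately quadratic parser (constructed here to show the failure mode; it is not the algorithm Tornado used) with a single-pass linear one, adds a pre-parse size and pair-count cap that a handler or reverse proxy could enforce, and checks an installed version against the fixed release 6.4.2 named in the advisory. The limits of 8192 bytes and 200 pairs are assumptions for the example.

```python
import re
import time
from typing import Callable, Dict

# Limits are assumptions for this example, not values from the Tornado advisory.
MAX_COOKIE_HEADER_BYTES = 8192
MAX_COOKIE_PAIRS = 200
FIXED_TORNADO_VERSION = (6, 4, 2)  # advisory: versions prior to 6.4.2 are affected


def _store(cookies: Dict[str, str], chunk: str) -> None:
    """Split one 'name=value' chunk and store it; nameless chunks are dropped."""
    name, sep, value = chunk.strip().partition("=")
    name = name.strip()
    if name:
        cookies[name] = value.strip().strip('"') if sep else ""


def parse_cookie_quadratic(header: str) -> Dict[str, str]:
    """Constructed quadratic parser: it re-slices the remaining header on every
    delimiter, so total work grows with (number of ';') x (header length)."""
    cookies: Dict[str, str] = {}
    rest = header
    while rest:
        end = rest.find(";")
        if end == -1:
            chunk, rest = rest, ""
        else:
            chunk, rest = rest[:end], rest[end + 1:]  # copies the remainder each time
        _store(cookies, chunk)
    return cookies


def parse_cookie_linear(header: str) -> Dict[str, str]:
    """Single pass: one split, then constant work per chunk."""
    cookies: Dict[str, str] = {}
    for chunk in header.split(";"):
        _store(cookies, chunk)
    return cookies


def check_cookie_header(header: str) -> None:
    """Reject an implausibly large Cookie header before any parsing happens.
    Raises ValueError so the caller can answer 400 instead of burning CPU."""
    if len(header.encode("utf-8", "surrogateescape")) > MAX_COOKIE_HEADER_BYTES:
        raise ValueError("Cookie header too long")
    if header.count(";") + 1 > MAX_COOKIE_PAIRS:
        raise ValueError("too many cookie pairs")


def safe_parse_cookie(header: str) -> Dict[str, str]:
    check_cookie_header(header)
    return parse_cookie_linear(header)


def tornado_version_is_vulnerable(version: str) -> bool:
    """True for releases before 6.4.2 (e.g. the 6.2.0 and 6.3.3 packages listed above)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch) < FIXED_TORNADO_VERSION


def measure_seconds(parser: Callable[[str], Dict[str, str]], header: str) -> float:
    start = time.perf_counter()
    parser(header)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed hostile header: tens of thousands of empty pairs, no real cookies.
    hostile = ";" * 40_000
    for parser in (parse_cookie_linear, parse_cookie_quadratic):
        print(f"{parser.__name__}: {measure_seconds(parser, hostile):.3f}s")
    try:
        safe_parse_cookie(hostile)
    except ValueError as exc:
        print("rejected before parsing:", exc)
    print("6.3.3 vulnerable:", tornado_version_is_vulnerable("6.3.3"))
```

Running the script prints the time each parser spends on the hostile header; the gap widens as the header grows, which is the point of capping it before the parser sees it. The cap is a defence-in-depth measure, not a substitute for upgrading to 6.4.2 or later.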
CVE-2024-10270
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...
CVE-2024-11208
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitati...
CVE-2024-11126 Digistar AG-30 Plus Login Page excessive authentication
A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The...
Introducing the Akamai App Platform
Over the past decade, developers have been forced to choose between two evils: either accept Big Cloud’s complexity, costs, and lock-in, or struggle and lose precious time building everything from scratch. Like code itself, it was a binary decision...
MAL-2024-10657 Malicious code in eslint-plugin-cognitive-complexity (npm)
Source: ghsa-malware 5a22d9cacdbec9aeec6abcf59091621abc9b7b7a01842cc8aa6b86418c062417. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
SUSE-SU-2024:3964-1 Security update for python-wxPython
This update for python-wxPython fixes the following issues: Security issue fixed: - CVE-2024-50602: Fixed a denial of service in the vendored libexpat's XMLResumeParser function bsc1232590. Non-security issues fixed: - rebuilt for python 3.11 bsc1228252. - add repack script, do not include...
CVE-2024-11026
CVE-2024-11026 affects Intelligent Apps Freenow App 12.10.0 on Android. The issue resides in the Keystore Handler’s SSL.java (ch/qos/logback/core/net/ssl/SSL.java), where the argument DEFAULT_KEYSTORE_PASSWORD is manipulated with the input value “changeit,” resulting in a hard-coded password. Thi...
CVE-2024-10920
CVE-2024-10920 affects travels-java-api (versions up to 5.0.1). The vulnerability exists in the JwtAuthenticationTokenFilter.doFilterInternal function of the JWT Secret Handler component, where a hard-coded cryptographic key is used. This enables remote exploitation with high attack complexity an...
CVE-2024-10915
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...
CVE-2024-10748
A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...
CVE-2024-10749 ThinkAdmin Plugs.php script deserialization
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...