16955 matches found

UbuntuCve
added 2024/08/16 2:15 a.m. · 13 views

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2 CVSS · 5.7 AI score · 0.0038 EPSS
Exploits: 0 · References: 2

OSV
added 2024/08/15 11:44 p.m. · 29 views

CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2 CVSS · 6.1 AI score · 0.0038 EPSS
Exploits: 0 · References: 4

CVE
added 2024/08/15 11:44 p.m. · 62 views

CVE-2024-43370

gettext.js is a GNU gettext port for Node and browsers. The CVE-2024-43370 vulnerability is a cross-site scripting (XSS) vulnerability triggered when .po dictionary files are corrupted. The issue has been fixed in version 2.0.3. A workaround is to control the origin of the dictionary catalog to p...

7.2 CVSS · 6.8 AI score · 0.0038 EPSS
Exploits: 0 · References: 2

Redos
added 2024/08/15 12:0 a.m. · 333 views

ROS-20240815-07

A vulnerability in the GNU C Library's nscd nameserver caching daemon is related to returning a pointer outside the expected range. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the GNU C Library nscd nameserver caching daemon is...

8.1 CVSS · 7 AI score · 0.0131 EPSS
Exploits: 0

OSV
added 2024/08/14 2:15 p.m. · 2 views

CVE-2024-25562

Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access...

6.6 CVSS · 6 AI score · 0.00132 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/13 12:0 a.m. · 3 views

PT-2024-8899 · Intel · Intel Distribution For Gdb

Name of the Vulnerable Software and Affected Versions: Intel(R) Distribution for GDB versions prior to 2024.0.1 Description: The issue is related to incorrect default permissions in the Intel(R) Distribution for GDB software. This may allow an authenticated user to potentially enable escalation of...

7.8 CVSS · 7.4 AI score · 0.00131 EPSS
Exploits: 0 · References: 6

OSV
added 2024/08/13 12:0 a.m. · 31 views

ALSA-2024:5299 Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

9.1 CVSS · 7.7 AI score · 0.00672 EPSS
Exploits: 0 · References: 4

AlmaLinux
added 2024/08/13 12:0 a.m. · 33 views

Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

9.1 CVSS · 6.8 AI score · 0.00672 EPSS
Exploits: 0 · References: 4

OSV
added 2024/08/12 5:16 p.m. · 2 views

CLSA-2024-1723482999 glibc: Fix of CVE-2024-33599

CVE-2024-33599: fix buffer overflow in netgroup cache...

8.1 CVSS · 6 AI score · 0.0131 EPSS
Exploits: 0 · References: 1

Rosalinux
added 2024/08/12 1:9 p.m. · 21 views

Advisory ROSA-SA-2024-2468

software: patch 2.7.6 OS: ROSA-CHROME packageevrstring: patch-2.7.6-5 CVE-ID: CVE-2018-6951 BDU-ID: 2023-01652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the intuitdifftype function of the pch.c component of the Patch edit transfer program is related to pointer dereferencing errors. Exploitatio...

9.3 CVSS · 6.8 AI score · 0.08896 EPSS
Exploits: 2

Packet Storm
added 2024/08/08 12:0 a.m. · 339 views

Journyx 11.5.4 Authenticated Remote Code Execution

KL-001-2024-008: Journyx Authenticated Remote Code Execution Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt 1. Vulnerability Details Affected Vendor: Journ...

8.8 CVSS · 7.1 AI score · 0.00953 EPSS
Exploits: 3

Packet Storm
added 2024/08/08 12:0 a.m. · 443 views

Journyx 11.5.4 XML Injection

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection Title: Journyx Unauthenticated XML External Entities Injection Advisory ID: KL-001-2024-010 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt 1. Vulnerability Detail...

7.5 CVSS · 7.1 AI score · 0.32916 EPSS
Exploits: 3

0day.today
added 2024/08/08 12:0 a.m. · 233 views

Journyx 11.5.4 Cross Site Scripting Vulnerability

Journyx version 11.5.4 suffers from a cross site scripting vulnerability due to mishandling of the errordescription during an active directory login flow. Title: Journyx Reflected Cross Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability...

6.1 CVSS · 6.2 AI score · 0.00713 EPSS
Exploits: 2

Packet Storm
added 2024/08/08 12:0 a.m. · 305 views

Journyx 11.5.4 Cross Site Scripting

KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...

7.1 AI score · 0.00713 EPSS
Exploits: 2

0day.today
added 2024/08/08 12:0 a.m. · 208 views

Journyx 11.5.4 Authenticated Remote Code Execution Vulnerability

Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a Python code injection vulnerability during the natural login flow. Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL:...

8.8 CVSS · 7.7 AI score · 0.00953 EPSS
Exploits: 3

0day.today
added 2024/08/08 12:0 a.m. · 197 views

Journyx 11.5.4 Unauthenticated Password Reset Bruteforce Vulnerability

Journyx version 11.5.4 suffers from an issue where password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. Title: Journyx Unauthenticated...

8.8 CVSS · 7.6 AI score · 0.00717 EPSS
Exploits: 3

0day.today
added 2024/08/08 12:0 a.m. · 233 views

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...

7.5 CVSS · 7.1 AI score · 0.32916 EPSS
Exploits: 3

KoreLogic Security
added 2024/08/07 12:0 a.m. · 38 views

Journyx Unauthenticated XML External Entities Injection

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2024-6893 2. Vulnerability Description The "soapcgi.pyc" API handler allows...

7.5 CVSS · 6.7 AI score · 0.32916 EPSS
Exploits: 3 · Affected Software: 1

KoreLogic Security
added 2024/08/07 12:0 a.m. · 16 views

Journyx Unauthenticated Password Reset Bruteforce

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-321: Use of Hard-coded Cryptographic Key, CWE-334: Small Space of Random Values, CWE-799: Improper Control of Interaction Frequency CVE ID:...

9.8 CVSS · 6.7 AI score · 0.00717 EPSS
Exploits: 3 · Affected Software: 1

KoreLogic Security
added 2024/08/07 12:0 a.m. · 16 views

Journyx Authenticated Remote Code Execution

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-94: Improper Control of Generation of Code 'Code Injection', CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval...

8.8 CVSS · 7.5 AI score · 0.00953 EPSS
Exploits: 3 · Affected Software: 1