3094 matches found
PT-2024-29463 · Unknown · Symphony Cms
Name of the Vulnerable Software and Affected Versions: Symphony CMS version 2.7.10 Description: A Cross Site Scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by editing a note. This enables attackers to potentially execute malicious scripts on the victim's browse...
CVE-2024-41613
CVE-2024-41613 represents a documented XSS in Symphony CMS 2.7.10, where an attacker can inject arbitrary script/HTML by editing a note. The affected software is Symphony CMS (version 2.7.10); the entry describes the vulnerability as a cross-site scripting issue impacting note editing. The Red Ha...
Fedora 39 : xrdp (2024-41c1bf8de6)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-41c1bf8de6 advisory. Release notes for xrdp v0.10.1 2024/07/31 General announcements A clipboard bugfix included in this release is sponsored by Krämer Pferdesport GmbH & Co KG. W...
PT-2024-26024 · Unknown · Voicenoteservice
Name of the Vulnerable Software and Affected Versions: VoiceNoteService versions prior to SMR Aug-2024 Release 1 Description: The issue is related to improper access control in the VoiceNoteService, allowing local attackers to bypass restrictions on starting services from the background...
SUSE CVE-2024-28570
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the processMakerNote function when reading images in JPEG format...
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...
Integration Status
The following integration was used and here are the results based on the intention of the integration type. Here is a brief description of success for each integration type. PAMs: To retrieve a target credential from the related PAM. MDMs: To retrieve devices from the related MDM. Patch Managemen...
CVE-2024-41819
Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...
CVE-2024-41819 Note Mark has a stored XSS in the note link href attribute
Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...
CVE-2024-41819
CVE-2024-41819 concerns Note Mark, a web-based Markdown notes app. The vulnerability is a stored XSS in the URL value of a link embedded in markdown content, allowing arbitrary web scripts to run when a user interacts with the rendered note. Affected versions are prior to 0.13.1; remediation is t...
PT-2024-29585
Name of the Vulnerable Software and Affected Versions: Note Mark versions prior to 0.13.1 Description: A stored cross-site scripting issue allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. Recommendations: For...
Note Mark security vulnerability
Note Mark is a web-based Markdown note-taking application from the individual developer Leo Spratt. A security vulnerability exists in Note Mark version 0.13.0 and prior versions. An attacker could exploit this vulnerability to execute arbitrary web script by injecting a specially crafted payload...
OPENSUSE-SU-2024:0226-1 Security update for gh
This update for gh fixes the following issues: Update to version 2.53.0: CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file boo1227035 Disable TestGetTrustedRoot/successfullyverifiesTUFroot test due to https://github.com/cli/cli/issues/8928 Rename...
owlwisemarketing.com.xx3.kz Cross Site Scripting vulnerability OBB-3947284
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-6387: Remote Unauthorized Code Execution Vulnerability in openSSH server (regreSSHion)
OpenSSH contains a remote code execution (RCE) vulnerability, exploitable by an unauthenticated attacker through a race condition. Successful exploitation can allow for the remote execution of arbitrary code. Note: This flaw has been demonstrated to be exploitable remotely on glibc-based Linux...
CVE-2024-39904
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...