9289 matches found

CVE
added 2024/10/16 6:04 p.m., 82 views

CVE-2024-41128

CVE-2024-41128 affects Ruby on Rails Action Pack/Action Dispatch: a ReDoS in query parameter filtering can cause DoS in affected releases. The vulnerability is present in Rails versions starting from 3.1.0 and prior to the following patched releases: 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1. Public...

CVSS 8.7, AI score 6.6, EPSS 0.00557
Exploits: 0, References: 7

Debian CVE
added 2024/10/16 6:04 p.m., 14 views

CVE-2024-41128

Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...

CVSS 8.7, AI score 5.3, EPSS 0.00557
Exploits: 0

OSV
added 2024/10/16 6:04 p.m., 18 views

CVE-2024-41128 Action Dispatch has possible ReDoS vulnerability in query parameter filtering

Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...

CVSS 8.7, AI score 5.3, EPSS 0.00557
Exploits: 0, References: 9

CNNVD
added 2024/10/15 12:00 a.m., 2 views

Rails Action Pack security vulnerability

Rails Action Pack is a web framework from the US-based Rails team. It provides mechanisms for routing (mapping request URLs to actions), defining controllers that implement actions, and generating responses by rendering views (templates in various formats). A security vulnerability exists in Rails...

CVSS 8.7, AI score 5.2, EPSS 0.00557
Exploits: 0, References: 4

Positive Technologies
added 2024/10/15 12:00 a.m., 6 views

PT-2024-7925

Name of the Vulnerable Software and Affected Versions:
Action Pack versions 4.0.0 through 6.1.7.8
Action Pack versions 7.0.0 through 7.0.8.4
Action Pack versions 7.1.0 through 7.1.4.0
Action Pack versions 7.2.0 through 7.2.1.0
Description: The issue is related to a ReDoS vulnerability in Action...

CVSS 9.8, AI score 8, EPSS 0.03542
Exploits: 5, References: 85

Positive Technologies
added 2024/10/15 12:00 a.m., 6 views

PT-2024-7928

Name of the Vulnerable Software and Affected Versions:
Action Pack versions 3.1.0 through 6.1.7.8
Action Pack versions 7.0.0 through 7.0.8.4
Action Pack versions 7.1.0 through 7.1.4.0
Action Pack versions 7.2.0 through 7.2.1.0
Description: The issue is related to a possible ReDoS vulnerability in t...

CVSS 9.8, AI score 6.4, EPSS 0.03542
Exploits: 5, References: 81

SUSE Linux
added 2024/10/14 9:35 p.m., 2 views

Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001338 fixes several issues. The following security issues were fixed:
CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect (bsc#1225312).
CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
CVE-2024-40954:...

CVSS 7.8, AI score 8.5, EPSS 0.0072
Exploits: 1, References: 76

IBM Security Bulletins
added 2024/10/08 1:28 p.m., 14 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary: Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed.
Vulnerability Details: CVEID: CVE-2024-21144. DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow a...

CVSS 7.5, AI score 5.8, EPSS 0.00442
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2024/10/08 1:24 p.m., 17 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary: Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris.
Vulnerability Details: CVEID: CVE-2024-21094. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...

CVSS 7.4, AI score 9.1, EPSS 0.00977
Exploits: 0, Affected Software: 1

NVD
added 2024/10/08 10:15 a.m., 11 views

CVE-2024-3506

A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions...

CVSS 7.3, EPSS 0.00073
Exploits: 0, References: 1

Vulnrichment
added 2024/10/08 10:00 a.m., 10 views

CVE-2024-3506 Camera Driver possible Buffer Overflow

A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions...

CVSS 7.3, AI score 7.8, EPSS 0.00073
Exploits: 0, References: 1

Cvelist
added 2024/10/08 10:00 a.m., 15 views

CVE-2024-3506 Camera Driver possible Buffer Overflow

A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions...

CVSS 7.3, EPSS 0.00073
Exploits: 0, References: 1

CVE
added 2024/10/08 10:00 a.m., 106 views

CVE-2024-3506

CVE-2024-3506 corresponds to a buffer overflow in Milestone XProtect Device Pack camera drivers (Siveillance Video/XProtect Device Pack). Affected component is the camera driver within the Device Pack, with exploitation requiring access to an internal network and high attack complexity; CVSS show...

CVSS 7.3, AI score 6.9, EPSS 0.00073
Exploits: 0, References: 1

Microsoft KB
added 2024/10/08 7:00 a.m., 37 views

Description of the security update for SharePoint Enterprise Server 2016: October 8, 2024 (KB5002645)

Summary: This security update resolves a Microsoft SharePoint elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

CVSS 7.8, AI score 7.8, EPSS 0.00758
Exploits: 0

CNNVD
added 2024/10/08 12:00 a.m., 4 views

Microsoft Windows Routing and Remote Access Service security vulnerability

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation (USA) that is used to perform functions such as network routing, virtual private networks (VPNs), and dial-up connections. A security vulnerability exists in Microsoft Windows Routing and Remote Access...

CVSS 8.8, AI score 6.4, EPSS 0.05513
Exploits: 0, References: 2

CNNVD
added 2024/10/08 12:00 a.m., 2 views

Milestone XProtect Device Pack security vulnerability

Milestone XProtect Device Pack is a driver pack from Milestone. A security vulnerability exists in Milestone XProtect Device Pack version 13.1a and prior versions, which originates from a possible buffer overflow in the camera driver, allowing an attacker with internal network access to execute...

CVSS 7.3, AI score 7.5, EPSS 0.00073
Exploits: 0, References: 2

OSV
added 2024/10/05 3:15 p.m., 3 views

CVE-2024-47392

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.7.5...

CVSS 5.4, AI score 5.8, EPSS 0.00177
Exploits: 0, References: 1

NVD
added 2024/10/05 3:15 p.m., 9 views

CVE-2024-47392

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Element Pack Elementor Addons (bdthemes-element-pack-lite) allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through <= 5.7.5...

CVSS 6.5, EPSS 0.00177
Exploits: 0, References: 1

NVD
added 2024/10/05 3:15 p.m., 10 views

CVE-2024-47383

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons (the-pack-addon) allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through <= 2.0.8.8...

CVSS 5.9, EPSS 0.00132
Exploits: 0, References: 1

Vulnrichment
added 2024/10/05 2:55 p.m., 11 views

CVE-2024-47383 WordPress The Pack Elementor addons plugin 2.0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons (the-pack-addon) allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through <= 2.0.8.8...

CVSS 5.9, AI score 5.2, EPSS 0.00132
Exploits: 0, References: 1