SUSE CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are...
PT-2024-37228 · Sourcecodester · Sourcecodester Loan Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Cab Management System version 1.0 Description: A critical issue has been discovered, affecting the /cms/classes/Users.php file, specifically when the id argument is manipulated, leading to SQL injection. This can be initiated...
PT-2024-5957 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
PT-2024-40083 · Symfony +2 · Symfony +2
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to the latest version Description: The issue concerns XML Entity Expansion XEE attacks, which can lead to Denial Of Service attacks against a host's RAM. This is due to the lack of a method to disable custom entities in...
PT-2024-25124 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: The issue is related to a SQL injection vulnerability. This vulnerability occurs via the topic parameter in the list function. Recommendations: For Roothub version 2.6, consider restricting the use of the list...
PT-2024-25173 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version cefd391 Description: A segmentation violation was discovered in Jerryscript via the component scanner seek at jerry-core/parser/js/js-scanner-util.c. Recommendations: For Jerryscript version cefd391, consider avoiding the...
PT-2024-24546 · Unknown · Rg-Rsr10-01G-T(Wa)-S
Name of the Vulnerable Software and Affected Versions: RG-RSR10-01G-TWA-S RSR 3.01B9P2 RSR10-01G-TW-S 07150910 Description: The issue allows a remote attacker to execute arbitrary code via a crafted HTTP request. Recommendations: For RG-RSR10-01G-TWA-S RSR 3.01B9P2 RSR10-01G-TW-S 07150910, consid...
PT-2024-24494 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions v15.03.05.18 through v15.03.20 multi Description: The issue is a stack overflow vulnerability. It is located via the PPW parameter in the fromWizardHandle function. Recommendations: For versions v15.03.05.18, v15.03.05.19,...
PT-2024-24821 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the...
PT-2024-23494 · Jnt Telecom · Jnt Liftcom Ums
Name of the Vulnerable Software and Affected Versions: JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 Description: An issue in the software allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Recommendations: For JNT Telecom JNT Liftcom UMS V1.J...
CVE-2024-29023 Session Hijacking via token exposure on the session page in Xibo CMS
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be...
OESA-2024-1423 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...
PT-2024-14372 · D Link · D-Link Covr 1100 +2
Name of the Vulnerable Software and Affected Versions: D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System Hardware Rev B1 Description: The issue truncates Wireless Access Point Passwords WPA-PSK, allowing an attacker to gain unauthorized network access via weak...
PT-2024-23514 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda FH1203 version 2.0.1.6 Description: The issue is a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. Recommendations: For Tenda FH1203 version 2.0.1.6, as a temporary workaround, consider restricti...
PT-2024-21941 · Sourcecodester · Sourcecodester Complete E-Commerce Site
Name of the Vulnerable Software and Affected Versions: SourceCodester Complete E-Commerce Site version 1.0 Description: A critical vulnerability has been found in the SourceCodester Complete E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the...
CVE-2023-41038 Server crash when using specific form of SET BIND statement
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...
PT-2024-21975 · Dotclear · Dotclear
Name of the Vulnerable Software and Affected Versions: Dotclear version 2.29 Description: A Reflected Cross-Site Scripting XSS issue has been identified in the Search functionality of the Admin Panel. Recommendations: For Dotclear version 2.29, consider disabling the Search functionality within t...
SUSE CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
PT-2024-3883 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP versions KERNEL 7.53 through KERNEL 7.94 SAP NetWeaver Application Server ABAP version KRNL64UC 7.53 Description: The issue is related to insufficient protection of internal data in the SAP NetWeaver...
PT-2024-20330 · Unknown · Mediaserver
Name of the Vulnerable Software and Affected Versions: media-server version 1.0.0 Description: A Use-After-Free UAF issue was discovered in the sip uac stop timer function. This issue is related to the /uac/sip-uac-transaction.c file. Recommendations: For media-server version 1.0.0, consider...