PT-2024-25219 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.113 Description: The issue allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. This is a Cross-Site Scripting vulnerability. Recommendations: For DedeCMS...
PT-2024-6490
Name of the Vulnerable Software and Affected Versions: FFmpeg version N113007-g8d24a28d06 Description: The issue is related to a buffer overflow vulnerability in the libavfilter/af_stereowiden.c file of the FFmpeg library. This vulnerability can be exploited by a local attacker to execute arbitrary...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary: IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.17 LTS and 11.5.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
PT-2024-24226 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet version 9.0 Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code via the page parameter of the "kiosk.php" component. Recommendations: For DerbyNet version 9.0, consider restricting access to th...
EUVD-2024-1076
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted document reference and an XWiki.SchedulerJobClass XObject, it is possible to execute arbitrary code on the server whenever an...
PT-2024-2847 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could allow an attacker to inject malicious scripts into vulnerable form fields. This could lead to...
PT-2024-26431 · Campcodes · Campcodes Complete Online Student Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online Student Management System version 1.0 Description: A problematic vulnerability has been found in the attendance_view.php file, where manipulation of the FirstRecord argument leads to cross-site scripting. This...
PT-2024-23649 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection. It can be exploited via the "/WebPages/applyhardware.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the...
PT-2024-22204
Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...
PT-2024-19196 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue was discovered in the Elspec G5 digital fault recorder where the shadow file is world readable. Recommendations: For Elspec G5 digital fault recorder versions...
CVE-2024-28250 Cilium has possible unencrypted traffic between nodes when using WireGuard and L7 policies
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's...
PT-2024-21265 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to a file upload restriction evasion vulnerability. This could allow an authenticated user to potentially obtain remote code execution (RCE) through a webshell, compromising the entire...
PT-2024-2281 · Mitsubishi · Melsec-Q Series +1
Name of the Vulnerable Software and Affected Versions: MELSEC-Q Series (affected versions not specified), MELSEC-L Series (affected versions not specified) Description: The issue is related to errors in pointer scaling, which can be exploited by a remote attacker to execute arbitrary code by sending a...
PT-2024-21781 · Ibm · Ibm Integration Bus For Z/Os
Name of the Vulnerable Software and Affected Versions: IBM Integration Bus for z/OS versions 10.1 through 10.1.0.3 Description: The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website...
PT-2024-20553 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP (affected versions not specified) Description: When a virtual server is enabled with a VLAN group and a SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Recommendations: At th...
PT-2024-20066 · Gambio · Gambio
Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...
PT-2024-13230 · Westermo · Westermo Lynx
Name of the Vulnerable Software and Affected Versions: Westermo Lynx (affected versions not specified) Description: A potential attacker with access to the Westermo Lynx device could execute malicious code, affecting the device's correct functioning. Recommendations: At the moment, there is no...
CVE-2024-20010
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560...
PT-2024-17307 · Munsoft · Munsoft Easy Outlook Express Recovery
Name of the Vulnerable Software and Affected Versions: Munsoft Easy Outlook Express Recovery version 2.0 Description: A problematic issue has been found in the Registration Key Handler component, leading to denial of service. Local access is required to exploit this issue. The exploit has been...
PT-2024-12440 · Splicecom · Splicecom Maximiser Soft Pbx
Name of the Vulnerable Software and Affected Versions: SpliceCom Maximiser Soft PBX versions 1.5 and before Description: The issue allows attackers to bypass authentication via a brute force attack due to the lack of restriction on excessive authentication attempts. Recommendations: For SpliceCom...