PT-2024-33351 · Sangoma · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 18.20.0 and earlier, 19.x, 20.x through 20.5.0, and 21.x through 21.0.0 Certified Asterisk through 18.9-cert5 Description: A path traversal vulnerability was discovered due to the functions action getconfig and actio...
PT-2024-7364 · Unknown · Laquis Scada
Name of the Vulnerable Software and Affected Versions: LAquis SCADA version 4.7.1.511 Description: A cross-site scripting vulnerability in LAquis SCADA could allow an attacker to inject arbitrary code into a web page, potentially enabling them to steal cookies, redirect users, or perform...
CVE-2024-44990 affecting package kernel for versions less than 6.6.51.1-1
CVE-2024-44990 affecting package kernel for versions less than 6.6.51.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-6345 affecting package python-setuptools for versions less than 69.0.3-4
CVE-2024-6345 affecting package python-setuptools for versions less than 69.0.3-4. A patched version of the package is available...
CVE-2024-44946 affecting package kernel for versions less than 5.15.167.1-1
CVE-2024-44946 affecting package kernel for versions less than 5.15.167.1-1. A patched version of the package is available...
CVE-2024-42228 affecting package kernel for versions less than 5.15.167.1-1
CVE-2024-42228 affecting package kernel for versions less than 5.15.167.1-1. A patched version of the package is available...
Vulnerabilities fixed in Draytek Vigor routers
Draytek has fixed vulnerabilities in several types of Vigor series routers. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack, potentially gaining access to sensitive data or executing arbitrary code in the context of the...
GHSA-QVQV-MCXR-X8QW Slim Select has potential Cross-site Scripting issue
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
PT-2024-39616
Name of the Vulnerable Software and Affected Versions: OFCMS version 1.1.2 Description: A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...
PT-2024-31848 · Solvait · Solvait
Name of the Vulnerable Software and Affected Versions: Solvait version 24.4.2 Description: A Stored Cross-Site Scripting (XSS) vulnerability allows remote attackers to inject malicious scripts into the application due to insufficient input validation and sanitization in the "Intrest" feature...
PT-2024-39546 · Unknown · Kalvingit Kvf-Admin
Name of the Vulnerable Software and Affected Versions: kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff Description: A problematic vulnerability has been found in the XML File Handler component of kalvinGit kvf-admin. The issue affects an unknown function of the file...
CVE-2024-6232 affecting package python3 for versions less than 3.9.19-5
CVE-2024-6232 affecting package python3 for versions less than 3.9.19-5. A patched version of the package is available...
PT-2024-31867 · Unknown · Bookreviewlibrary
Name of the Vulnerable Software and Affected Versions: BookReviewLibrary version 1.0 Description: A host header injection issue allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This is achieved through manipulating the host header, which...
WordPress Prisna GWT – Google Website Translator Plugin <= 1.4.11 is vulnerable to PHP Object Injection
Software: Prisna GWT – Google Website Translator; Type: Plugin; Vulnerable versions: <= 1.4.11; Fixed in: 1.4.12; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-8514; Patch priority: Low; CVSS severity: Low 7.2; PSID: 96a1cccedfb0; Credits: Lesor101; Required...
PT-2024-10413 · Ibm · Ibm Storage Defender
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender versions 2.0.0 through 2.0.7 Description: The issue is related to the IBM Storage Defender's Defender Sensor component, which has incorrect data encryption. This could allow a remote attacker to obtain sensitive informati...
CVE-2022-32149 affecting package influxdb for versions less than 2.6.1-17
CVE-2022-32149 affecting package influxdb for versions less than 2.6.1-17. A patched version of the package is available...
CVE-2024-8652
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and o...
CVE-2024-8653
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and ...
DEBIAN-CVE-2024-8946
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
PYSEC-2024-91
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...