PYSEC-2024-93
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
UBUNTU-CVE-2024-8946
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
CVE-2024-8867 Perfex CRM Parameter Clients.php cross site scripting
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be...
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2. A patched version of the package is available...
CVE-2024-43168 affecting package unbound for versions less than 1.19.1-2
CVE-2024-43168 affecting package unbound for versions less than 1.19.1-2. A patched version of the package is available...
CVE-2024-6104 affecting package influxdb for versions less than 2.6.1-15
CVE-2024-6104 affecting package influxdb for versions less than 2.6.1-15. A patched version of the package is available...
PT-2024-38984 · Unknown · Sourcecodester Contact Manager With Export To Vcf
Name of the Vulnerable Software and Affected Versions: SourceCodester Contact Manager with Export to VCF version 1.0 Description: A critical issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument...
GHSA-7MV5-5MXH-QG88 nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC
Impact: Decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the...
PT-2024-31244 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: vTiger CRM version 7.4.0 Description: An Open Redirect issue exists in the page parameter, allowing attackers to redirect users to a malicious site via a crafted URL. Recommendations: For vTiger CRM version 7.4.0, consider restricting access ...
PT-2024-29380 · Organizr · Organizr
Name of the Vulnerable Software and Affected Versions: Organizr version 1.90 Description: A SQL injection issue was found in Organizr via the chat/settyping.php endpoint. This allows for potential exploitation. Recommendations: For Organizr version 1.90, consider restricting access to the...
PT-2024-6114
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: A vulnerability in the Python interpreter could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying...
CVE-2026-33515 affecting package squid for versions less than 6.13-4
CVE-2026-33515 affecting package squid for versions less than 6.13-4. A patched version of the package is available...
PT-2024-31400 · Nixos · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra affected versions not specified Description: Hydra is a Continuous Integration service for Nix-based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can...
CVE-2023-6337 affecting package cert-manager for versions less than 1.12.12-1
CVE-2023-6337 affecting package cert-manager for versions less than 1.12.12-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-43794
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2024-43794 OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
PT-2024-30652 · Open Edx +1 · Openedx-Atlas +4
Name of the Vulnerable Software and Affected Versions: openedx-translations affected versions not specified edx-platform versions from 'redwood' to 'master' Description: The openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex...
SonicOS Improper Access Control Vulnerability
An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7...
PT-2024-30064 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) in Pligg CMS. This occurs via the admin/admin page.php endpoint with specific parameters: link id and mode. The link id is set to 1 and the mode is...
PT-2024-20039 · Oppo · Coloros Internet Browser
Name of the Vulnerable Software and Affected Versions: ColorOS Internet Browser version 45.10.3.4.1 Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. Recommendations: For version 45.10.3.4.1, consider...