
4571 matches found

OSV
added 2024/02/26 4:27 p.m. · 2 views

UBUNTU-CVE-2024-23836

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extrem...

CVSS 7.5 · AI score 5.8 · EPSS 0.01164
Exploits: 0 · References: 29

Patchstack
added 2024/02/26 12:0 a.m. · 26 views

WordPress NotificationX Plugin <= 2.8.2 is vulnerable to SQL Injection

Software: NotificationX; Type: Plugin; Vulnerable versions: <= 2.8.2; Fixed in: 2.8.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1698; Patch priority: High; CVSS severity: High (9.3); PSID: 7d9025b61012; Credits: Krzysztof Zając; Required privilege: Unauthenticated...

CVSS 9.8 · AI score 6.7 · EPSS 0.77585
Exploits: 3 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/02/26 12:0 a.m. · 3 views

PT-2024-2169 · Unknown · Gguf Library

Name of the Vulnerable Software and Affected Versions: GGUF library version prior to the fix of Commit 18c2e17 Description: A heap-based buffer overflow vulnerability exists in the GGUF library's info->ne functionality of llama.cpp. This issue can be exploited by providing a specially crafted .ggu...

CVSS 9.8 · AI score 9.2 · EPSS 0.01375
Exploits: 1 · References: 9

CBLMariner
added 2024/02/25 3:0 a.m. · 21 views

CVE-2024-0639 affecting package kernel for versions less than 5.15.148.1-1

CVE-2024-0639 affecting package kernel for versions less than 5.15.148.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 6.3 · EPSS 0.00161
Exploits: 0

CBLMariner
added 2024/02/25 3:0 a.m. · 18 views

CVE-2023-7192 affecting package kernel for versions less than 5.15.148.1-1

CVE-2023-7192 affecting package kernel for versions less than 5.15.148.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 6.1 · EPSS 0.00301
Exploits: 0

CBLMariner
added 2024/02/25 3:0 a.m. · 25 views

CVE-2023-51780 affecting package kernel for versions less than 5.15.148.1-1

CVE-2023-51780 affecting package kernel for versions less than 5.15.148.1-1. A patched version of the package is available...

CVSS 7 · AI score 7 · EPSS 0.00515
Exploits: 0

CBLMariner
added 2024/02/25 3:0 a.m. · 25 views

CVE-2022-29526 affecting package golang for versions less than 1.21.6-1

CVE-2022-29526 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

CVSS 5.3 · AI score 7.3 · EPSS 0.02593
Exploits: 1

Positive Technologies
added 2024/02/24 12:0 a.m. · 5 views

PT-2024-21298 · Rails +2 · Rails +2

Name of the Vulnerable Software and Affected Versions: Rails versions 7.1.0 through 7.1.3.0 Description: There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This issue can cause Accept header parsing to take an unexpected amount of time, possibly...

CVSS 7.5 · AI score 7.8 · EPSS 0.01498
Exploits: 0 · References: 20

Prion
added 2024/02/23 3:15 p.m. · 19 views

Design/Logic Flaw

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 1.4 · AI score 7.1 · EPSS 0.00352
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/22 12:0 a.m. · 4 views

PT-2024-21163 · Netis · Netis Wf2780

Name of the Vulnerable Software and Affected Versions: Netis WF2780 version 2.1.40144 Description: The issue is related to a command injection vulnerability. This vulnerability can be exploited via the wps_ap_ssid5g parameter. Recommendations: For Netis WF2780 version 2.1.40144, avoid using the w...

CVSS 9.8 · AI score 7.5 · EPSS 0.19074
Exploits: 1 · References: 5

Positive Technologies
added 2024/02/21 12:0 a.m. · 6 views

PT-2024-4535 · Querybook · Querybook

Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.31.1 Description: The issue is related to the Rich Text Editor component in Querybook, which fails to properly validate user input, allowing arbitrary URLs to be entered without necessary validation. This securit...

CVSS 6.4 · AI score 6.7 · EPSS 0.0053
Exploits: 0 · References: 10

OSV
added 2024/02/20 5:35 p.m. · 12 views

CVE-2024-24763 JumpServer Open Redirect Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks...

CVSS 4.3 · AI score 4.6 · EPSS 0.01057
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-16285 · WordPress · Customer Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce plugin for WordPress versions up to, and including, 5.38.12 Description: The issue allows unauthorized modification of data due to a missing capability check on the submit review function. This enables...

CVSS 5.3 · AI score 9.6 · EPSS 0.00409
Exploits: 0 · References: 7

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-18096 · WordPress · Wp Database Reset

Name of the Vulnerable Software and Affected Versions: Database Reset plugin for WordPress versions up to, and including, 3.22 Description: The issue is due to missing or incorrect nonce validation on the install wpr function, making it possible for unauthenticated attackers to install the WP Res...

CVSS 4.7 · AI score 5.4 · EPSS 0.0027
Exploits: 0 · References: 7

Positive Technologies
added 2024/02/14 12:0 a.m. · 6 views

PT-2024-20828

Name of the Vulnerable Software and Affected Versions: Task Manager App version 1.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter in the "/TaskManager/Projects.php" API endpoint...

CVSS 6.1 · AI score 6.5 · EPSS 0.00411
Exploits: 1 · References: 7

Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-2127 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...

CVSS 7.8 · AI score 7.4 · EPSS 0.02791
Exploits: 0 · References: 11

NCSC
added 2024/02/13 12:0 a.m. · 2 views

Vulnerability fixed in Microsoft Exchange

Microsoft has fixed a vulnerability in Exchange Server. A malicious party could exploit the vulnerability to use a previously stolen NTLM hash to gain access to the account and the data of the victim. Successful exploitation thus requires a previous successful attack on a client that uses NTLM...

CVSS 9.8 · AI score 8.7 · EPSS 0.12661
Exploits: 0

Patchstack
added 2024/02/12 12:0 a.m. · 11 views

WordPress Ultimate Reviews Plugin <= 3.2.8 is vulnerable to Cross Site Scripting (XSS)

Software: Ultimate Reviews; Type: Plugin; Vulnerable versions: <= 3.2.8; Fixed in: 3.2.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-25597; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 9a3542c0e41a; Credits: Kang SeoHee; Required privilege...

CVSS 7.1 · AI score 6.5 · EPSS 0.00375
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/02/12 12:0 a.m. · 2 views

PT-2024-5016 · Sap · Sap Aba

Name of the Vulnerable Software and Affected Versions: SAP ABA Application Basis versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I Description: The issue in SAP ABA is related to incorrect code generation management, allowing an attacker with remote execution authorization to use a...

CVSS 9.1 · AI score 7 · EPSS 0.01079
Exploits: 0 · References: 17

OSV
added 2024/02/11 11:15 p.m. · 3 views

UBUNTU-CVE-2024-1433

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginI...

CVSS 3.7 · AI score 4.4 · EPSS 0.00782
Exploits: 0 · References: 2