30468 matches found
CVE-2024-42485 Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...
CVE-2024-42467
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forger...
PT-2024-38485 · Gila Cms · Gila Cms
Name of the Vulnerable Software and Affected Versions: Gila CMS version 1.10.9 Description: A problematic issue was found in Gila CMS, affecting an unknown part of the file /cm/update rows/page?id=2 within the HTTP POST Request Handler component. The manipulation of the content argument leads to...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
PT-2024-5811
Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk versions prior to 12.8.3 Hotfix 2 Description SolarWinds Web Help Desk is susceptible to a Java deserialization remote code execution issue. Exploitation of this issue could allow a malicious actor to execute arbitrary...
PT-2024-6342 · Google +5 · Google Chrome +6
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.119 Description: The issue is related to an out of bounds write in the V8 JavaScript engine of Google Chrome and Microsoft Edge browsers. This can allow a remote attacker to potentially exploit heap...
CVE-2024-42366
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42356
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...
CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
CVE-2024-42355 Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
Shopware, an open ecommerce platform, has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and...
CVE-2024-42355 Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
Shopware, an open ecommerce platform, has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and...
CVE-2024-42355
Shopware is vulnerable to Server-Side Template Injection via the new Twig tag sw_silent_feature_call. The parameter (feature flag name) is not escaped properly, allowing code execution. Affected versions include 6.6.5.0/6.5.x prior to 6.6.5.1 and 6.5.8.13; older 6.2–6.4 can receive protections vi...
linux-firmware security update
20240715-999.34.git4c8fb21e.el9 - Rebase to latest upstream Orabug: 36826157...
PostgreSQL -- Prevent unauthorized code execution during pg_dump
PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pgdump session with the privileges of the role running pgdump which is often a superuser. The attack involves replacing a sequence or similar object...
PT-2024-29890 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.5.1 Shopware versions prior to 6.5.8.13 Description: The issue is related to the store-API, which works with regular entities and only exposes fields marked as ApiAware in the EntityDefinition to the public API...