30465 matches found
CVE-2024-24788 affecting package golang for versions less than 1.22.3-1
CVE-2024-24788 affecting package golang for versions less than 1.22.3-1. A patched version of the package is available...
PT-2024-22384 · Bm Soft · Bmplanning
Name of the Vulnerable Software and Affected Versions: BM SOFT BMPlanning version 1.0.0.1 Description: The issue allows authenticated users to execute arbitrary SQL commands via parameters such as SEC IDF, LIE IDF, PLANF IDF, CLI IDF, DOS IDF, and possibly others to the "/BMServerR.dll/BMRest" AP...
CVE-2024-41965 Vim < v9.1.0648 has a double-free in dialog_changed()
Vim is an open source command line text editor. double-free in dialogchanged in Vim v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a nam...
CVE-2024-7211
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...
CVE-2024-42161
A vulnerability was found in the Linux kernel in the bpfenumvaluekind function, where a lack of proper checks could lead to an uninitialized variable being used. This issue could lead to undefined behavior or memory corruption. Mitigation Mitigation for this issue is either not available or the...
PT-2024-5360
Name of the Vulnerable Software and Affected Versions AVTECH AVM1203 versions prior to the latest supported version AVTECH IP cameras affected versions not specified Description The issue is related to a command injection vulnerability found in the brightness function of AVTECH closed-circuit...
CVE-2024-37898
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the pag...
CVE-2024-41947 XWiki Platform XSS through conflict resolution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...
GHSA-WF3X-JCCF-5G5G XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Impact When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user...
CVE-2024-37900 XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a...
UBUNTU-CVE-2024-42144
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvtsthermal: Check NULL ptr on lvtsdata Verify that lvtsdata is not NULL before using it...
UBUNTU-CVE-2024-42161
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPFCOREREADBITFIELD Changes from V1: - Use a default branch in the switch statement to initialize val'. GCC warns that val' may be used uninitialized in the BPFCREREADBITFIELD macro, defined in...
CVE-2024-42139
In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause ...
SUSE-SU-2024:2628-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Updated to version 17.0.12+7 July 2024 CPU: - CVE-2024-21131: Fixed a potential UTF8 size overflow bsc1228046. - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length bsc1228047. - CVE-2024-21140: Fixed a pre-loop limit...
EC-CUBE 4 Series improper input validation when installing plugins
Overview EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins CWE-349. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early...
JVN#48324254: EC-CUBE 4 Series improper input validation when installing plugins
EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins CWE-349. Impact An attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some...
CVE-2024-40777
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination...
CVE-2024-40784
CVE-2024-40784 involves an integer overflow that was addressed by improved input validation. The issue affects Apple platforms when processing a maliciously crafted file, potentially causing an unexpected app termination. Public disclosures in connected sources (Red Hat, CIRCL, Nessus/OPENVAS sum...
CVE-2024-40787
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements...
Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products scope change. Successf...