CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

UBUNTU-CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

CVE-2024-31970

AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1 have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution RCE vulnerability via the Computed field parameter under the Users Module Setup function...

PT-2024-28793 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP CRM versions prior to 19.0.2 Description: The issue is related to a remote code execution RCE vulnerability. It can be exploited via the Computed field parameter under the Users Module Setup function. Recommendations: For version...

ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command

Summary The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...

CVE-2024-5529

The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-27517 · Proton · Protonvpn

Name of the Vulnerable Software and Affected Versions: ProtonVPN versions prior to 3.2.10 Description: The issue is related to the mishandling of the drive installer path in the Setup/setup.iss file. Specifically, it should use the path constructed by ' + ExpandConstant'autopfProtonDrive' + ' to...

OPENSUSE-SU-2024:0206-1 Security update for cockpit

This update for cockpit fixes the following issues: - new version 320: pam-ssh-add: Fix insecure killing of session ssh-agent boo1226040, CVE-2024-6126 - changes in older versions: Storage: Btrfs snapshots Podman: Add image pull action Files: Bookmark support webserver: System user changes Metric...

CVE-2024-37066

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process...

CVE-2024-37066

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process...

The vulnerability of the Attribute Admin Setup component of the software application Attribute Admin Setup of the Oracle E-Business Suite allows a malicious individual to gain access to modify, add, or delete data.

The vulnerability of the Attribute Admin Setup component of the Attribute Admin Setup software and the Oracle E-Business Suite system exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or...

Xenserver Configuration: Comprehensive Guide

Introduction This article will direct you to resources that provide guidance on configuring basic pools for XenServer Top Knowledge Content Basic Configuration guide for a XenServer Pool CTX128391 - How to Remove a Server from a XenServer Pool that Contains Only One Host CTX216127 - How to change...

CVE-2024-5442

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

CVE-2024-5151

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4602

The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6070 if-so < 1.8.0.4 - Admin+ Stored XSS

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

CVE-2024-5644

CVE-2024-5644 affects the Tournamatch WordPress plugin prior to 4.6.1. The issue arises from insufficient sanitisation/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is disabled (such as in multisite). Impact is li...