933 matches found
PT-2024-24385 · Unknown · Search Keyword Redirect
Name of the Vulnerable Software and Affected Versions: Search Keyword Redirect versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...
PT-2024-4390
Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in QEMU, related to an assertion failure in the update sctp checksum function when calculating the checksum of a short-sized fragmented packet. This issue allows a malicious...
PT-2024-3114 · Microsoft · Ole Db Driver For Sql Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server affected versions not specified Description: The issue exists due to insufficient input validation in the Microsoft OLE DB Driver for SQL Server. This allows a remote attacker to execute arbitrary code...
PT-2024-14705 · Unknown · Hwnff Module
Name of the Vulnerable Software and Affected Versions: hwnff module affected versions not specified Description: The issue is related to defects introduced in the design process in the hwnff module. Successful exploitation of this vulnerability may affect service confidentiality. Recommendations:...
PT-2024-6453 · D Link · D-Link Dns-321 +16
Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 affected versions not specified...
PT-2024-23747 · Unknown · Io-1020 Micro Eld
Name of the Vulnerable Software and Affected Versions: IO-1020 Micro ELD affected versions not specified Description: The issue concerns the use of a default password for authentication in the IO-1020 Micro ELD web server. Recommendations: At the moment, there is no information about a...
PT-2024-18537 · Flashc · Flashc
Name of the Vulnerable Software and Affected Versions: flashc affected versions not specified Description: The issue is related to a possible system crash due to an uncaught exception in flashc, which could lead to local denial of service. System execution privileges are needed for exploitation,...
PT-2024-5774 · Trueconf · Trueconf Server
Name of the Vulnerable Software and Affected Versions: TrueConf Server affected versions not specified Description: The issue is related to insufficient protection of service data in TrueConf Server, which can be exploited by a remote attacker to gather user system information through API methods...
Authentication Bypass
oauthenticator is vulnerable to Authentication Bypass. The vulnerability exists due to insufficient validation of Google accounts, which allowed access to accounts created by anyone with emails ending with a specified domain...
PT-2024-22631 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: A SQL injection issue exists in the script Handler CFG.ashx. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2024-20905 · Logitech · Logitech Logi Tune
Name of the Vulnerable Software and Affected Versions: Logitech Logi Tune affected versions not specified Description: The issue is related to an Improper Control of Dynamically-Managed Code Resources vulnerability, which allows Local Code Inclusion. This vulnerability affects Logitech Logi Tune ...
CVE-2024-0311
creationtimestamp| type| source
---|---|---
2024-03-14 10:26:55+00:00| seen| https://t.me/ctinow/207597
2024-03-14 10:27:01+00:00| seen| https://t.me/ctinow/207604
2024-10-30 16:18:14+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8894
2024-10-31 15:27:18+00:00|...
PT-2024-18391 · Papercut · Papercut Ng/Mf
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified Description: This is a Server-Side Request Forgery SSRF vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests ...
PT-2024-2246
Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue is related to insufficient input validation in the Windows Kernel, which can be exploited to cause a denial-of-service condition using specially crafted data. This allows...
PT-2024-21756 · Google · Android
Name of the Vulnerable Software and Affected Versions: LPP LcsManagement.c affected versions not specified Description: The issue is related to a possible out of bounds read in the EUTRAN LCS DecodeFacilityInformationElement function of LPP LcsManagement.c due to a missing bounds check. This coul...
PT-2024-18433 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: freescout-helpdesk/freescout affected versions not specified Description: The issue is related to the unrestricted upload of files with dangerous types. This could potentially allow an attacker to upload malicious files, leading to various...
PT-2024-18393 · Lg · Webos
Name of the Vulnerable Software and Affected Versions: webOS of LG Signage affected versions not specified Description: This issue allows remote attackers to traverse the directory on the affected webOS of LG Signage. Recommendations: At the moment, there is no information about a newer version...
PT-2024-18392 · Lg · Webos
Name of the Vulnerable Software and Affected Versions: LG Signage webOS affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. Recommendations: At the moment, there is no information about a newer version that...
PT-2024-2880 · Intel · Intel Thunderbolt Dch Drivers
Name of the Vulnerable Software and Affected Versions: Intel(R) Thunderbolt(TM) DCH drivers for Windows affected versions not specified Description: The issue is related to improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows, which may allow an authenticated user to potentiall...
jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...