Digital products download without proper payment status check

Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed...

PT-2024-40283 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue arises from the failure to properly encode user input, making notifications shown in modal windows in the backend susceptible to cross-site scripting. A valid backend user account i...

PT-2024-40534 · Packagist · Typo3/Cms-Core

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows existing sessions for a user account to remain active even after the user changes their password. To exploit this, an attacker would need a valid user account, either...

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

PT-2024-25812 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 13.0.0 through 13.1.0 Description: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML marku...

RHEL 6 : gnupg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...

nss bug fix update

An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...

pgAdmin 安全漏洞

pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 8.5 and prior versions that originated from a vulnerability that allows an attacker who knows the username and password of a legitimate...

UBUNTU-CVE-2024-27033

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to remove unnecessary f2fsbugon to avoid panic verifyblkaddr will trigger panic once we inject fault into f2fsisvalidblkaddr, fix to remove this unnecessary f2fsbugon...

AZL-67481 CVE-2024-26947 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 "arm: extend pfnvalid to take into account freed memory map alignment" changes the semantics of pfnvalid to check presence of t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an error injected into the f2fsisvalidblkaddr function, where the verifyblkaddr function will trigger a pani...

CVE-2024-26667

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hwpp in dpuencoderhelperphyscleanup The commit 8b45a26f2ba9 "drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output" introduced a smatch warning about another conditional block in...

UBUNTU-CVE-2024-26667

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hwpp in dpuencoderhelperphyscleanup The commit 8b45a26f2ba9 "drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output" introduced a smatch warning about another conditional block in...

CVE-2024-26667 drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hwpp in dpuencoderhelperphyscleanup The commit 8b45a26f2ba9 "drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output" introduced a smatch warning about another conditional block in...

PT-2024-19425 · Hitachi Energy · Asset Suite Eam +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a REST service authentication anomaly where a "valid username/no password" credential combination allows for successful service...

CVE-2024-2464

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1...

CVE-2024-1145 Observable Response Discrepancy at Alma Devklan Blog

User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response...

CVE-2024-2229

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user...