EUVD-2024-53109

Malicious code in bioql PyPI...

CVE-2024-56324

GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External Entity XXE injection on the GoCD server. Theoretically, the XXE vulnerability can result in...

CVE-2024-56324

GoCD versions prior to 24.4.0 allow group admins to abuse the ability to edit raw XML configuration for groups, triggering an XML External Entity (XXE) injection on the GoCD server. This can potentially lead to SSRF, information disclosure, and directory traversal, though exploitation specifics a...

CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user

GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0640-1)

This is a MozillaThunderbird update to version 24.5.0 : - MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards - MFSA 2014-37/CVE-2014-1523 bmo969226 Out of bounds read while decoding JPG images - MFSA 2014-38/CVE-2014-1524 bmo989183 Buffer overflow when using non-XBL object as XBL - MF...