4565 matches found
org.keycloak:keycloak-guides (>=20.0.0 <=20.0.5), org.keycloak:keycloak-guides-maven-plugin (>=20.0.0 <=20.0.5) +3 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=20.0.0 <=20.0.5)
org.keycloak:keycloak-quarkus-server MAVEN version =20.0.0, =20.0.0, =20.0.0, =20.0.0, =20.0.0, =20.0.0, =20.0.5 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...
de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=3.0.1-25.0 <=4.0.5-25.0), org.keycloak:keycloak-guides (>=25.0.0 <=26.0.5) +6 more potentially affected by CVE-2024-10492 via org.keycloak:keycloak-quarkus-server (>=25.0.0 <=26.0.5)
org.keycloak:keycloak-quarkus-server MAVEN version =25.0.0, =3.0.1-25.0, =25.0.0, =25.0.0, =25.0.0, =26.0.0, =25.0.0, =25.0.0, =26.0.0, =26.0.5 Source cves: CVE-2024-10492 Source advisory: OSV:GHSA-5545-R4HG-RJ4M...
PT-2024-33556 · Oracle · Oracle-Sidecar
Name of the Vulnerable Software and Affected Versions: oracle-sidecar versions 0.347.0 through 0.543.0 Description: The issue concerns SQL injections in multiple endpoints. An unauthenticated attacker can compromise data. Recommendations: For versions 0.347.0 through 0.543.0, upgrade the affected...
PT-2024-35040 · Unknown · Gonzalo Geraldo Adventure Bucket List
Name of the Vulnerable Software and Affected Versions: Gonzalo Geraldo Adventure Bucket List versions 1.0.0 through 1.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS, which can ...
PT-2024-33182 · Unknown · Officeweb365
Name of the Vulnerable Software and Affected Versions: OfficeWeb365 versions 7.18.23.0 through 8.6.1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "pw/savedraw" component. This enables the attacker to upload files that can lead to code execution, potentially...
PT-2024-34832 · Unknown · Manage User Columns
Name of the Vulnerable Software and Affected Versions: Manage User Columns versions 1.0.0 through 1.0.5 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the use...
UBUNTU-CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
Apache Tomcat 9.0.0-M1 < 9.0.96 / 9.0.92 < 9.0.96 Multiple Vulnerabilities
com.elega9t:fitnesse-params (=0.0.1), com.github.andreptb:fitnesse-maven-runner-plugin (>=0.2.0 <=0.2.1) +69 more potentially affected by CVE-2024-42499 via org.fitnesse:fitnesse (>=20050731 <=20240707)
org.fitnesse:fitnesse MAVEN version =20050731, =0.2.0, =0.1.0, =BETA-V1.00, =1.0.6, =1.0.0, =1.0.0, =1.2.1, =1.0.1, =1.1.0, =1.0.0, =1.0.0, =1.6.0, =1.6.5 and more Source cves: CVE-2024-42499 Source advisory: OSV:GHSA-Q297-5FF8-HC92...
Apache Traffic Server Security Vulnerability
Apache Traffic Server (ATS) is a suite of scalable HTTP proxy and caching servers from the Apache Foundation in the United States. A security vulnerability exists in Apache Traffic Server versions 9.2.0 through 9.2.5, which stems from a valid Host header field that could cause the server to crash o...
PT-2024-38093 · Unknown · Dingo Dlibra
Name of the Vulnerable Software and Affected Versions: DInGO dLibra software versions 6.0 through 6.3.19 Description: The issue is related to improper neutralization of input during web page generation, allowing a Reflected Cross-Site Scripting (XSS) attack. This occurs in the filter parameter of t...
Stormshield Network Security Security Vulnerability
Stormshield Network Security (SNS) is a next-generation UTM (Unified Threat Management) firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security versions 4.0.0 through 4.3.31 and 4.4.0 through 4.8.3, which stems from an attacker's ability to bypass...
PT-2024-31720 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.1 through 12.1 Description: The issue is related to a denial of service condition where the server may crash under certain conditions when processing a specially...
PT-2024-34757 · Unknown · Aajoda Testimonials
Name of the Vulnerable Software and Affected Versions: Aajoda Testimonials versions n/a through 2.2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Aajoda Testimonials...
PT-2024-34819 · Unknown · Sastra Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Sastra Essential Addons for Elementor versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it is a DOM-Based XSS...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
Filament Security Vulnerability
Filament is a collection of full-stack components used to accelerate Laravel development from Filament open source. A security vulnerability exists in Filament versions prior to 3.2.0 through 3.2.123, which stems from the use of the public disk as the default disk, resulting in sensitive data bei...
ace-step (=0.1.0), agentic-reliability-framework (>=2.0.0 <=2.0.2) +223 more potentially affected by CVE-2024-51751 via gradio (>=5.0.0 <=5.50.0)
gradio PYPI version =5.0.0, =2.0.0, =0.3.2, =0.1.1, =0.6.0, =0.1.4, =0.0.1, =0.0.1, =0.2.0, =0.1.1, =1.0.1, =1.3.1 and more Source cves: CVE-2024-51751 Source advisory: OSV:PYSEC-2024-275...
ansible (>=10.0.0a1 <=10.7.0), ansible-playbook-grapher (>=2.3.0 <=2.5.0) +24 more potentially affected by CVE-2024-9902 via ansible-core (>=2.17.14 <=2.17.4)
ansible-core PYPI version =2.17.14, =10.0.0a1, =2.3.0, =0.2.1, =2.1.1b1, =4.1.0, =0.1.0, =10.0.0, =0.1.0, =1.3.3, =17.0.0, =0.1.0a0, =19.0.0, =20.5.1, =21.2.7 and more Source cves: CVE-2024-9902 Source advisory: OSV:GHSA-32P4-GM2C-WMCH...
Apache Solr 5.3.0 < 8.11.4 / 9.x < 9.7.0 Authentication Bypass
Apache Solr versions 5.3.0 prior to 8.11.4 or 9.x prior to 9.7.0 using the PKIAuthenticationPlugin, which is activated by default when Solr authentication is used, enables an attacker to bypass authentication via a specially forged request.