abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +145 more potentially affected by CVE-2024-39863 via apache-airflow (>=1.8.2 <=2.9.1)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.6.0 and more Source cves: CVE-2024-39863 Source advisory: OSV:GHSA-J482-47XF-P25C...
CVE-2024-39729
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968...
Stormshield Network Security Security Vulnerabilities
Stormshield Network Security (SNS) is a next-generation UTM (Unified Threat Management) firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security SNS versions 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0, which originates from the fact that...
CVE-2024-39733
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972...
@a-type/ui (>=0.8.17 <=1.2.3), @adminjs/design-system (>=3.0.0 <=3.1.1) +402 more potentially affected by unknown CVE via prosemirror-model (>=1.0.1 <=1.21.3)
prosemirror-model NPM version =1.0.1, =0.8.17, =3.0.0, =0.1.0, =0.0.1, =13.1.0, =10.4.0, =0.0.2, =3.0.0, =16.0.0, =0.0.1, =7.0.0, =47.0.0, =8.0.0, =126.0.0, =194.4.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-PROSEMIRRORMODEL-7838221...
PT-2024-4960 · Ibm · Ibm Datacap Navigator
Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9 Description: The issue exists due to insufficient protection of the web page structure, allowing for stored cross-site scripting attacks. This enables users to embed arbitrary JavaScript code...
GitLab CE/EE Security Vulnerabilities
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploiting the...
PT-2024-4667 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.8 through 16.11.6 GitLab CE/EE versions 17.0 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 Description: An issue was discovered in GitLab CE/EE, which allows an attacker to trigger a pipeline as another use...
PT-2024-27604 · Tablesome · Tablesome
Name of the Vulnerable Software and Affected Versions: Table & Contact Form 7 Database – Tablesome versions 1.0.0 through 1.0.33 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made accessible to...
ALPINE-CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3381 more potentially affected by CVE-2024-5971 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.33.Final)
io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2024-5971 Source advisory: OSV:GHSA-XPP6-8R3J-WW43...
1337x (=1.2.5), 170051277-trab-final-gces (>=0.3.0 <=0.5.0) +2107 more potentially affected by CVE-2024-39689 via certifi (>=2021.5.30 <=2024.6.2)
certifi PYPI version =2021.5.30, =0.3.0, =0.1.0, =0.2.1, =0.1.2, =1.0.0, =1.0.4, =1.0.11, =2.3.0, =1.0.0, =1.0.4 and more Source cves: CVE-2024-39689 Source advisory: OSV:GHSA-248V-346W-9CWC...
PT-2024-24989 · Grandstream · Grandstream Gxp2135
Name of the Vulnerable Software and Affected Versions: Grandstream GXP2135 versions 1.0.9.129 through 1.0.11.79 Description: An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality. A specially crafted network packet can lead to arbitrary command execution. An...
CVE-2024-26314
Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code...
CVE-2024-37126
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access...
CVE-2024-32853
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges...
toy-blog Security Breach
toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.5.4 through 0.6.1, which stems from the ability to read articles with private visibility if the reader does not set the requested credentials...
R Language Vulnerable to Arbitrary Code Execution via Malicious RDS Files (v1.4.0–<4.4.0)
...
CVE-2024-25580
...
CVE-2023-38368
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls. IBM X-Force ID: 261195...