PT-2024-10086 · Drupal · Drupal Advanced Pwa Inc Push Notifications
Name of the Vulnerable Software and Affected Versions: Drupal Advanced PWA inc Push Notifications versions 0.0.0 through 1.5.0 Description: The issue is related to an incorrect authorization vulnerability in the Drupal Advanced PWA inc Push Notifications module, which allows for forceful browsing...
PT-2024-3335 · Ruby +7 · Ruby +7
Name of the Vulnerable Software and Affected Versions: Ruby versions 3.0.0 through 3.3.0 Description: The issue is related to a buffer overflow in the heap of the Ruby programming language interpreter. It allows an attacker to impact the confidentiality, integrity, and availability of protected...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-postgres (>=1.7.0 <=1.7.12) +8 more potentially affected by unknown CVE via dbt-core (>=1.7.0 <=1.7.12)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: unknown CVE Source advisory: OSV:GHSA-P72Q-H37J-3HQ7...
org.apache.hugegraph:hugegraph-api (>=1.0.0 <=1.2.0), org.apache.hugegraph:hugegraph-cassandra (>=1.0.0 <=1.2.0) +9 more potentially affected by CVE-2024-27348 via org.apache.hugegraph:hugegraph-core (>=1.0.0 <=1.2.0)
org.apache.hugegraph:hugegraph-core MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2024-27348 Source advisory: OSV:GHSA-29RC-VQ7F-X335...
PT-2024-28797 · Beyondtrust +1 · Beyondtrust U-Series Appliance +1
Name of the Vulnerable Software and Affected Versions: BeyondTrust U-Series Appliance versions 3.4 through 4.0.2 Description: The issue is related to improper privilege management, allowing privilege escalation. This is due to a vulnerability in the local appliance API modules on Windows, 64-bit...
nora-common security vulnerability
nora-common is a common repo between the NORA Node Red client and the NORA Firebase backend by individual developer Andrei Tatar. A security vulnerability exists in nora-common versions v.1.0.41 through v.1.12.2, which originates from a vulnerability that allows remote attackers to execute...
com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-1249 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-1249 Source advisor...
a2grunnerp (>=0.1.0 <=0.1.8), academic-emotion (=0.1.2) +491 more potentially affected by CVE-2024-3660 via keras (>=1.2.1 <=2.13.1)
keras PYPI version =1.2.1, =0.1.0, =0.1.0, =1.3.0, =7.13.1, =1.1.1, =1.8.15, =1.8.17, =0.0.1, =0.0.157, =0.1.18, =1.8.14, =2.2.0 and more Source cves: CVE-2024-3660 Source advisory: OSV:GHSA-X4WF-678H-2PMQ...
OpenFGA security vulnerability
OpenFGA is a high-performance and flexible authorization/licensing engine built for developers and inspired by Google Zanzibar. A security vulnerability exists in OpenFGA versions prior to 1.5.0 to 1.5.3 that stems from an authorization bypass vulnerability when a user calls the Check or...
Kohya_ss security vulnerability
Kohya is a repository by individual developer bmaltais. A security vulnerability exists in Kohya_ss versions v22.6.1 through v23.1.3, which stems from a command injection vulnerability in basicoptiongui.py...
Kohya_ss security vulnerability
Kohya is a repository by individual developer bmaltais. A security vulnerability exists in Kohya_ss versions v22.6.1 through v23.1.3, which stems from a path injection vulnerability in the commongui.py findandreplace function...
UBUNTU-CVE-2024-24898
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.c. This issue affects...
Apache Solr Operator log information disclosure vulnerability
Apache Solr is a search server from the Apache Foundation, based on the Lucene full-text search engine. The product supports hierarchical search, vertical search, highlighting of search results, and more. A log information disclosure vulnerability exists in Apache Solr Operator versions 0.3.0 throug...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploited the...
PT-2024-21779 · Ibm · Ibm Storage Defender - Resiliency Service
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.2 Description: The issue allows a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was...
CVE-2024-31819
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component...
PT-2024-24260 · Ibm · Ibm Security Verify Access Appliance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 Description: The issue allows a malicious actor to conduct a man-in-the-middle attack when deploying Open Source scripts due to missing certificate validation. Recommendation...
GHSA-86JX-WR74-XR74 Improper escaping in Apache Zeppelin
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...
GHSA-FRC2-W2CC-X794 Eclipse Kura LogServlet vulnerability
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an...
LG webOS security vulnerability
LG webOS is a Linux kernel-based smart TV operating system from South Korea's LG. A security vulnerability exists in LG webOS that originates from a prompt bypass in the secondscreen.gateway service. An attacker can exploit the vulnerability to create a privileged account without asking the...