Fortinet FortiSandbox security vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. Fortinet FortiSandbox has a security vulnerability that stems from the presenc...
PT-2024-14007 · Gog · Gog Galaxy
Name of the Vulnerable Software and Affected Versions: GOG Galaxy Beta versions 2.0.67.2 through 2.0.71.2 Description: An issue exists in GalaxyClientService.exe that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC...
acme-client (>=0.1.0 <=0.2.0), aerial (=0.1.0) +690 more potentially affected by unknown CVE via hpack (>=0.2.0 <=0.3.0)
hpack CARGO version =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.7.0, =0.0.1, =0.1.0, =0.5.0, =0.1.3, =0.1.13 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W7HM-HMXV-PVHF...
Sunshine security vulnerability
Sunshine is a Moonlight self-hosted live game host. A security vulnerability exists in Sunshine versions prior to 0.16.0 through 0.18.0 that stems from the presence of a path traversal vulnerability...
AZL-39259 CVE-2023-45288 affecting package moby-containerd-cc for versions less than 1.7.7-4
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
@angular-devkit/build-angular (>=17.1.0-next.1 <=18.0.0-next.1), @directus/api (>=15.0.0 <=19.0.2) +25 more potentially affected by CVE-2024-30261 via undici (>=6.0.1 <=6.10.2)
undici NPM version =6.0.1, =17.1.0-next.1, =15.0.0, =10.0.15, =1.0.7, =18.0.0-next.3, =18.0.0-next.3, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.5, =1.0.6 and more Source cves: CVE-2024-30261 Source advisory: OSV:GHSA-9QXR-QJ54-H672...
IBM WebSphere Application Server Liberty resource management error vulnerability
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines (IBM) built on top of the Open Liberty project. A resource management error vulnerability exists in IBM WebSphere Application Server Liberty versions 18.0.0.2 through 24.0.0.3, which can be...
Vite security vulnerability
Vite is a new front-end builder tool open-sourced by Vite. A security vulnerability exists in Vite that stems from server.fs.deny not rejecting requests with directory patterns. Affected products and versions: Vite versions 2.7.0 through 2.9.17, 3.0.0 through 3.2.8, 4.0.0 through 4.5.2, 5.0.0...
@akrc/vidocs (>=0.0.0 <=0.0.2), @alexzzz/npms (>=0.0.5 <=0.2.0) +93 more potentially affected by CVE-2024-31207 via vite (>=3.0.0 <=3.2.1)
vite NPM version =3.0.0, =0.0.0, =0.0.5, =1.0.1, =1.0.1, =3.2.0, =0.0.37, =0.0.35, =0.2.3, =0.0.0-canary-20220718083044, =0.0.6, =0.1.0, =0.0.3, =6.24.0, =5.1.0, =5.1.2 and more Source cves: CVE-2024-31207 Source advisory: OSV:GHSA-8JHW-289H-JH2G...
IBM WebSphere Application Server Liberty resource management error vulnerability
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines (IBM) built on top of the Open Liberty project. A resource management error vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3, which stems fro...
PT-2024-23787 · Unknown · Woocommerce Bookings Calendar
Name of the Vulnerable Software and Affected Versions: WooCommerce Bookings Calendar versions 1.0.0 through 1.0.36 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for potential malicious script...
SUSE CVE-2024-1313
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the permission to write/edit ...
CVE-2024-30458
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7...
CVE-2024-23449
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
Tongtianxing CMSV6 SQL injection vulnerability
Tongtianxing CMSV6 is a vehicle information based data platform from Tongtianxing. A SQL injection vulnerability exists in Tongtianxing CMSV6 versions v.7.31.0.2 through v.7.31.0.3, which could allow a remote attacker to elevate privileges and gain access to sensitive information via the ids...
Mbed TLS security vulnerability
Mbed TLS is an open source, portable, easy-to-use, readable and flexible SSL library. A security vulnerability exists in Mbed TLS versions 2.18.0 through 2.28.8 and prior to 3.6.0, which stems from the incorrect handling of shared memory in the PSA Crypto API...
PT-2024-5038 · Wwbn · Wwbn Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 12.4 through 14.2 Description: The issue in WWBN AVideo is related to insufficient input validation in the submitIndex.php file of the WWBNIndex plugin, allowing a remote attacker to execute arbitrary code via the...
PT-2024-2505 · Dell · Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x Description: The issue is related to improper privilege management in the PowerScale OneFS operating system. This could allow an attacker to escalate their privileges. A local...
PT-2024-10136 · Tacjs · Tacjs
Name of the Vulnerable Software and Affected Versions: TacJS versions 0.0.0 through 6.4.9 Description: The issue is related to improper neutralization of input during web page generation, which allows for Cross-Site Scripting (XSS) attacks. This can enable a remote attacker to perform inter-site...
PT-2024-19357 · Ibm · Ibm Websphere Application Server Liberty
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.4 Description: The issue is a denial of service caused by sending a specially crafted request, allowing a remote attacker to consume memory resources on the server...