4565 matches found
CVE-2023-47150
IBM Common Cryptographic Architecture CCA 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602...
AZL-42527 CVE-2023-6175 affecting package wireshark 4.0.8-1
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file...
PT-2024-23250
Name of the Vulnerable Software and Affected Versions: Xylus Themes WordPress Importer versions 1.0.0 through 1.0.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks...
PT-2024-21785 · IBM · IBM WebSphere Application Server Liberty
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server Liberty versions 23.0.0.3 through 24.0.0.3 Description: This issue allows users to embed arbitrary JavaScript code in a specially crafted URI, potentially leading to cross-site scripting. The estimated number ...
@oneuptime/common-server (>=7.0.141 <=7.0.1814), @oneuptime/common-ui (>=7.0.141 <=7.0.1814) +1 more potentially affected by CVE-2024-29194 via @oneuptime/model (>=7.0.141 <=7.0.1814)
@oneuptime/model NPM version =7.0.141, =7.0.141, =7.0.141, =7.0.141, =7.0.1769 Source cves: CVE-2024-29194 Source advisory: OSV:GHSA-246P-XMG8-WMCQ...
UBUNTU-CVE-2024-30161
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...
Symfony Security Vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony versions 1.1.0 through 1.5.19 and earlier. An attacker can exploit this vulnerability to remotely execute code...
CVE-2023-47715
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538...
Apache Commons Configuration Buffer Error Vulnerability
Apache Commons Configuration is a common configuration interface from the Apache Foundation (United States), mainly used to enable Java applications to read configuration data from a variety of sources. An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...
Sonatype IQ Server Security Vulnerability
Sonatype IQ Server is an open source governance and policy management tool from Sonatype USA. It is used to provide compliance metadata for open source components stored in the Nexus repository. A security vulnerability exists in Sonatype IQ Server versions 143 through 170, which stems from the...
Deno Security Vulnerability
Deno is an open source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. A security vulnerability exists in Deno versions 1.36.2 through 1.40.3, which stems from an insecure const cvoid, ExternalPointer, which leads to use-after-free...
PT-2024-21726 · Jean David Daviet · Download Media
Name of the Vulnerable Software and Affected Versions: Download Media versions n/a through 1.4.2 Description: The issue is related to a Missing Authorization vulnerability in Jean-David Daviet Download Media. Recommendations: For Download Media versions n/a through 1.4.2, update to a version late...
Docassemble Security Vulnerability
Docassemble is a free, open source expert system for guided interviews and document assembly. An information disclosure vulnerability exists in Docassemble versions 1.4.53 through 1.4.96, which can be exploited by an attacker to gain unauthorized access to system information by manipulating a URL...
PT-2024-13477 · IBM · IBM Storage Protect Plus Server
Name of the Vulnerable Software and Affected Versions: IBM Storage Protect Plus Server versions 10.1.0 through 10.1.16 Description: The issue allows an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration, resulting in unauthorized acces...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-29027 via parse-server (>=2.0.8 <=6.5.11)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-29027 Source advisory: OSV:GHSA-6HH7-46R2-VF29...
Artica Pandora FMS Path Traversal Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A path traversal vulnerability exists in Artica Pandora FMS versions 700 through 776 that could allow an attacker to chang...
app.valuationcontrol:library (>=0.5.2 <=0.5.6), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1445 more potentially affected by CVE-2024-22257 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.2)
org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.2, =1.0.18, =1.0.2, =1.0.2, =1.0.11, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.2.2 and more Source cves: CVE-2024-22257 Source advisory: OSV:GHSA-F3JH-QVM4-MG39...
OESA-2024-1294 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
PYSEC-2024-46
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc. from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to versio...
masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +3 more potentially affected by CVE-2024-1410 via quiche (>=0.10.0 <=0.18.0)
quiche CARGO version =0.10.0, =0.1.0, =0.6.9 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2024-1410 Source advisory: OSV:GHSA-XHG9-XWCH-VR7X...