4565 matches found
CVE-2024-2049
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP...
Citrix SD-WAN Code Issue Vulnerability
Citrix Systems Citrix SD-WAN is a networking product from Citrix Systems, Inc. It virtualizes and optimizes enterprise site-to-site networks. A code issue vulnerability exists in Citrix SD-WAN versions 11.4.0 through 11.4.4.46, which originated from a code issue that allows an attacker to disclos...
SUSE CVE-2024-1931
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's...
CVE-2023-42509
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data...
ALPINE-CVE-2024-1931
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's...
JSONata Security Vulnerabilities
JSONata is a JSON query and transformation language. A security vulnerability exists in JSONata versions from 1.4.0 up to, but not including, 2.0.4, which stems from a malicious expression that can override attributes on object constructors and prototypes using conversion operators, which could result in a...
Apache InLong Code Issue Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation (U.S.). It provides automated, secure and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.8.0 through 1.10.0, which can be exploited by an attacker to read...
Jenkins HTML Publisher Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2021-39090
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...
PT-2024-6152
Name of the Vulnerable Software and Affected Versions: Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.16412 Description: The issue is related to improper path validation in the promecefpluginhost.exe component of Kingsoft WPS Office, allowing an attacker to load arbitrary Windows librarie...
acme-dns-rust (>=1.0.0 <=1.0.6), asfa (>=0.1.0 <=0.5.2) +72 more potentially affected by unknown CVE via whoami (>=0.5.3 <=1.2.3)
whoami CARGO version =0.5.3, =1.0.0, =0.1.0, =3.0.0, =0.60.0, =0.60.0, =0.1.0, =0.27.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.2.1, =0.0.0, =0.0.1, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0020...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +379 more potentially affected by CVE-2024-0243 via langchain (>=0.0.100 <=0.0.96)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.8.0, =0.8.5 and more Source cves: CVE-2024-0243 Source advisory: OSV:GHSA-H9J7-5XVC-QHG5...
PT-2024-13075 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 12.0.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +149 more potentially affected by CVE-2024-27132 via mlflow (>=0.8.2 <=2.0.1)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-27132 Source advisory: OSV:PYSEC-2024-240...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +22635 more potentially affected by CVE-2024-22243 via org.springframework:spring-web (>=1.2.1 <=5.2.25.RELEASE)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =4.4.0.0, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.21 and more Source cves: CVE-2024-22243 Source advisory: OSV:GHSA-CCGV-VJ62-XF9H...
a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2297 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)
cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.3.2, =0.0.1, =0.1.1, =0.1.15 and more Source cves: CVE-2024-26130 Source advisory: OSV:GHSA-6VQW-3V5J-54X4...
@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +29 more potentially affected by CVE-2024-1631 via @dfinity/identity (>=0.20.2 <=0.9.3)
@dfinity/identity NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.8.5, =0.8.0, =0.8.4, =0.1.8, =0.1.11, =1.0.0-alpha.0, =1.7.0, =0.0.1, =0.0.1, =0.0.4, =0.0.5-fix6 and more Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...
com.liferay:com.liferay.my.account.web (>=1.0.0 <=1.0.12), com.liferay:com.liferay.portal.settings.web (>=1.0.0 <=1.2.4) potentially affected by CVE-2021-29038 via com.liferay:com.liferay.users.admin.web (>=1.0.0 <=2.3.0)
com.liferay:com.liferay.users.admin.web MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.2.4 Source cves: CVE-2021-29038 Source advisory: OSV:GHSA-MWHF-6MJM-6W3H...
PT-2024-10354 · Drupal · Node Access Rebuild Progressive
Name of the Vulnerable Software and Affected Versions: Node Access Rebuild Progressive versions 0.0.0 through 2.0.1 Node Access Rebuild Progressive version prior to 2.0.2 can be simplified to the above range, so it is omitted to avoid duplication. Description: The issue is related to improper...
CVE-2024-21682
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...