PT-2024-2154 · Atlassian · Jira Service Management Server +1
Name of the Vulnerable Software and Affected Versions: Assets Discovery versions 1.0 through 6.2.0 Description: This issue allows an authenticated attacker to modify system calls, potentially impacting confidentiality, integrity, and availability. It requires no user interaction. Assets Discovery...
Decidim security breach
Decidim is a participatory democracy framework written in Ruby on Rails. A security vulnerability exists in Decidim versions 0.23.0 through 0.27.4, which stems from a possible cross-site request forgery attack in the questionnaire templates preview...
GHSA-XFG6-62PX-CXC2 Duplicate Advisory: SQL injection in pgjdbc
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24rp-q3w6-vc56. This link is maintained to preserve external references. Original Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not t...
SUSE CVE-2024-25580
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file...
am.ik.hazelcast:hazelcast-dns-service-discovery (=1.0.0), br.com.ingenieux:jbake-maven-plugin (>=0.0.3 <=0.0.9) +1406 more potentially affected by CVE-2023-45860 via com.hazelcast:hazelcast (>=1.7 <=5.1.7)
com.hazelcast:hazelcast MAVEN version =1.7, =0.0.3, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =2.23.0, =2.23.5, =2.23.5, =2.23.5, =3.1.13, =3.1.483 - ch.mobi.mobitor:mobitor-doc =3.1.13 - cloud.configs:ConfigsCloudClient =1.1 and more Source cves: CVE-2023-45860 Source advisory:...
article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +19 more potentially affected by CVE-2024-3572 via scrapy (>=1.3.3 <=1.8.0)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.5, =0.1.8 and more Source cves: CVE-2024-3572 Source advisory: OSV:GHSA-7J7M-V7M3-JQM7...
ayugespidertools (>=3.4.0 <=3.9.5), baotool (=1.0.1) +7 more potentially affected by CVE-2024-3574 via scrapy (>=2.0.1 <=2.11.0)
scrapy PYPI version =2.0.1, =3.4.0, =2.8.3, =0.3.0a0, =0.1.2, =0.2.3, =0.2.1, =0.4.0, =0.8.1 Source cves: CVE-2024-3574 Source advisory: OSV:GHSA-CW9J-Q3VF-HRRV...
PT-2024-13241
Name of the Vulnerable Software and Affected Versions Comarch ERP XL versions 2020.2.2 through 2023.2 Description The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication. This makes the communication...
CVE-2024-23952 Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)
This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset...
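The entry above describes the failure mode (an authenticated user uploads a ZIP to the import endpoint and the server spends unbounded memory or disk inflating it) but not a mitigation. The following is an added example, not Apache Superset's own code: a two-layer guard for an in-memory import bundle that refuses the archive on central-directory metadata (entry count, declared sizes, compression ratio, unsafe member paths) and then inflates with a running byte budget, because declared sizes are attacker-controlled. The limits, the `UnsafeArchive` exception, and the `make_zip` helper with its constructed sample archives are assumptions of this example.

```python
import io
import os
import zipfile

# Assumed limits for this example; a real deployment would tune these.
MAX_ENTRIES = 1000
MAX_ENTRY_BYTES = 10 * 1024 * 1024      # per-member uncompressed cap
MAX_TOTAL_BYTES = 50 * 1024 * 1024      # whole-bundle uncompressed cap
MAX_RATIO = 100.0                       # uncompressed / compressed
CHUNK = 64 * 1024


class UnsafeArchive(ValueError):
    """Raised when an import bundle fails a size or path check (hypothetical type)."""


def _safe_name(name: str) -> bool:
    # Reject absolute paths, parent traversal, and backslash separators.
    parts = name.split("/")
    return not name.startswith("/") and ".." not in parts and "\\" not in name


def check_import_bundle(data: bytes) -> dict:
    """Validate an in-memory ZIP and return {member_name: bytes_actually_inflated}.

    Layer 1 reads only the central directory, so a bomb is refused before
    anything is inflated. Layer 2 inflates with a budget, since the headers
    checked in layer 1 are written by the attacker.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise UnsafeArchive(f"not a valid zip: {exc}") from exc

    members = zf.infolist()
    if len(members) > MAX_ENTRIES:
        raise UnsafeArchive(f"too many entries: {len(members)}")

    declared_total = 0
    for info in members:
        if not _safe_name(info.filename):
            raise UnsafeArchive(f"unsafe member path: {info.filename!r}")
        if info.file_size > MAX_ENTRY_BYTES:
            raise UnsafeArchive(f"{info.filename}: declares {info.file_size} bytes")
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            raise UnsafeArchive(f"{info.filename}: compression ratio too high")
        declared_total += info.file_size
    if declared_total > MAX_TOTAL_BYTES:
        raise UnsafeArchive(f"bundle declares {declared_total} bytes in total")

    # Layer 2. CPython's ZipExtFile stops at the declared size and raises
    # BadZipFile on a CRC mismatch, so a lying header cannot silently yield
    # more data than declared; the budget still bounds what we spend.
    inflated = {}
    budget = MAX_TOTAL_BYTES
    for info in members:
        if info.is_dir():
            inflated[info.filename] = 0
            continue
        seen = 0
        try:
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(CHUNK)
                    if not chunk:
                        break
                    seen += len(chunk)
                    budget -= len(chunk)
                    if seen > MAX_ENTRY_BYTES or budget < 0:
                        raise UnsafeArchive(f"{info.filename}: exceeded inflate budget")
        except zipfile.BadZipFile as exc:
            raise UnsafeArchive(f"{info.filename}: corrupt member ({exc})") from exc
        inflated[info.filename] = seen
    return inflated


def is_rejected(data: bytes) -> bool:
    """True when check_import_bundle refuses the archive."""
    try:
        check_import_bundle(data)
    except UnsafeArchive:
        return True
    return False


def make_zip(entries: dict) -> bytes:
    """Build a deflate-compressed ZIP in memory (helper for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a plausible small bundle and a zero-filled bomb
    # (4 MiB inflates from roughly 4 KiB, a ratio of about 1000:1).
    benign = make_zip({"metadata.yaml": b"version: 1.0.0\n", "charts/c.yaml": os.urandom(4096)})
    print("accepted:", check_import_bundle(benign))
    bomb = make_zip({"metadata.yaml": b"\0" * (4 * 1024 * 1024)})
    print("bomb rejected:", is_rejected(bomb))
    print("traversal rejected:", is_rejected(make_zip({"../etc/passwd": b"x"})))
```

The ratio check is what catches the zero-filled sample: its declared size is under the per-member cap, but deflate packs it roughly a thousandfold. A bomb built from many small highly compressible members instead trips the total-bytes check, and nested archives (a ZIP inside a member) are outside this guard unless the import code inflates them through the same function.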
PT-2024-19434 · Dell · Dell Mobility - E-Lab Navigator
Name of the Vulnerable Software and Affected Versions: Dell Mobility - E-Lab Navigator versions 3.1.9 through 3.2.0 Description: The issue allows an unauthenticated attacker with local access to potentially exploit the vulnerability, leading to the launch of phishing attacks. It is related to an...
PT-2024-13187 · Dell · Dell Secure Connect Gateway Appliance
Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance versions 5.10.00.00 through 5.18.00.00 Description: A security concern has been identified where a malicious user with a valid user session may inject malicious...
PT-2024-13227 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.15 through 10.0 Description: An issue was discovered in Zimbra Collaboration, where an attacker can inject JavaScript or HTML code through the help document endpoint in webmail, leading to cross-site...
PT-2024-2552 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x Description: The issue is related to the insertion of sensitive information into log files, which could be exploited by a low-privileged local attacker. This exploitation may lead to the...
PT-2024-7837 · Esri · Esri Portal For Arcgis Enterprise Sites
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise versions 10.8.1 through 10.9.1 Description: The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link stored in the Layer Showcase...
CVE-2023-50061
PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop oparteasyredirect versions 1.3.8 through 1.3.12, which...
@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +10 more potentially affected by CVE-2024-24815 via ckeditor4 (>=4.14.0 <=4.22.1)
ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-24815 Source advisory: OSV:GHSA-FQ6H-4G8V-QQVM...
CVE-2023-38369
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196...
CVE-2023-31002
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657...
org.apache.pulsar:pulsar-server-distribution (>=3.0.0 <=3.0.17) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (>=3.0.0 <=3.0.17)
org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2023-51437 Source advisory: OSV:GHSA-C57V-4VG5-CM2X...