Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-5821 |
The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. When a user requests the content of a file with a misspelled name, the agent attempts to correct the command and inadvertently reveals the content of the intended file, such as /etc/passwd. This can lead to unauthorized access to sensitive information and potential server compromise. Published: July 03, 2024; 2:15:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35227 |
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. Published: July 03, 2024; 2:15:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-31223 |
Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available. Published: July 03, 2024; 2:15:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-29509 |
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. Published: July 03, 2024; 2:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-29508 |
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. Published: July 03, 2024; 2:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-29506 |
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. Published: July 03, 2024; 2:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-52169 |
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. Published: July 03, 2024; 2:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-52168 |
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc. Published: July 03, 2024; 2:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3332 |
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device Published: July 03, 2024; 1:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-39844 |
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Published: July 03, 2024; 1:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-39248 |
A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php. Published: July 03, 2024; 1:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-6126 |
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack. Published: July 03, 2024; 11:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-6052 |
Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements Published: July 03, 2024; 11:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-39223 |
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey Published: July 03, 2024; 11:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-39220 |
BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request. Published: July 03, 2024; 11:15:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-6471 |
A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270279. Published: July 03, 2024; 10:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37726 |
Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe Published: July 03, 2024; 10:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32937 |
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. Published: July 03, 2024; 10:15:05 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2024-6470 |
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main&inc=feature_inboxgroup&op=list of the component Template Handler. The manipulation of the argument Receiver Number with the input {{`id`}} leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-270278 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: July 03, 2024; 9:15:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5672 |
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. Published: July 03, 2024; 9:15:03 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |