61 | - | - | - | A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. | New | - | CVE-2024-48424 | 2024-10-25 06:15 | 2024-10-25
62 | - | - | - | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?t… | New | - | CVE-2024-48931 | 2024-10-25 06:15 | 2024-10-25
63 | - | - | - | An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. | New | - | CVE-2024-48423 | 2024-10-25 06:15 | 2024-10-25
64 | - | - | - | pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file. | New | - | CVE-2024-48208 | 2024-10-25 06:15 | 2024-10-25
65 | - | - | - | The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resour… | New | CWE-918 CWE-36 (Server-Side Request Forgery (SSRF); Absolute Path Traversal) | CVE-2024-47883 | 2024-10-25 06:15 | 2024-10-25
66 | - | - | - | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback with… | New | CWE-79 CWE-81 (Cross-site Scripting) | CVE-2024-47882 | 2024-10-25 06:15 | 2024-10-25
67 | - | - | - | OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be s… | New | CWE-89 (SQL Injection) | CVE-2024-47881 | 2024-10-25 06:15 | 2024-10-25
68 | - | - | - | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a C… | New | CWE-79 CWE-348 (Cross-site Scripting; Use of Less Trusted Source) | CVE-2024-47880 | 2024-10-25 06:15 | 2024-10-25
69 | - | - | - | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a mal… | New | CWE-352 CWE-94 (Origin Validation Error; Code Injection) | CVE-2024-47879 | 2024-10-25 06:15 | 2024-10-25
70 | - | - | - | OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `<script>` tag … | New | CWE-79 (Cross-site Scripting) | CVE-2024-47878 | 2024-10-25 06:15 | 2024-10-25