|
319701
|
9.8 |
CRITICAL
Network
|
ivanti
|
virtual_traffic_management
|
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
|
CWE-287
Improper Authentication
|
CVE-2024-7593
|
2024-09-25 10:00 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319702
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-44188
|
2024-09-25 05:38 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319703
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-40859
|
2024-09-25 05:31 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319704
|
7.5 |
HIGH
Network
|
zitadel
|
zitadel
|
Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t…
|
NVD-CWE-noinfo
|
CVE-2024-47000
|
2024-09-25 05:25 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319705
|
6.5 |
MEDIUM
Network
|
zitadel
|
zitadel
|
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to …
|
NVD-CWE-noinfo
|
CVE-2024-46999
|
2024-09-25 05:20 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319706
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-45809
|
2024-09-25 05:12 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319707
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ…
|
NVD-CWE-noinfo
|
CVE-2024-45810
|
2024-09-25 04:48 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319708
|
4.8 |
MEDIUM
Network
|
mage-people
|
bus_ticket_booking_with_seat_reservation
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affe…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43985
|
2024-09-25 04:33 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319709
|
6.1 |
MEDIUM
Network
|
couchbase
|
couchbase_server
|
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
|
CWE-74
Injection
|
CVE-2024-25673
|
2024-09-25 04:08 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319710
|
5.5 |
MEDIUM
Local
|
apple
|
macos
ipados
iphone_os
visionos
tvos
watchos
|
A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS So…
|
NVD-CWE-noinfo
|
CVE-2024-44183
|
2024-09-25 04:04 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
