|
315851
|
9.8 |
CRITICAL
Network
|
squirrelly
|
squirrelly
|
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
|
CWE-94
Code Injection
|
CVE-2024-40453
|
2024-08-24 02:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315852
|
6.1 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41675
|
2024-08-24 02:07 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315853
|
5.3 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-41674
|
2024-08-24 02:06 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315854
|
7.8 |
HIGH
Local
|
microfocus
|
netiq_privileged_access_manager
|
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
|
CWE-78
OS Command
|
CVE-2020-11847
|
2024-08-24 02:04 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315855
|
7.5 |
HIGH
Network
|
microfocus
|
netiq_privileged_access_manager
|
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resource…
|
NVD-CWE-noinfo
|
CVE-2020-11846
|
2024-08-24 02:03 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315856
|
6.1 |
MEDIUM
Network
|
microfocus
|
netiq_self_service_password_reset
|
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
|
CWE-79
Cross-site Scripting
|
CVE-2020-11850
|
2024-08-24 02:02 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315857
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web int…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-6329
|
2024-08-24 02:01 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315858
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a …
|
CWE-287
Improper Authentication
|
CVE-2024-4784
|
2024-08-24 01:59 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315859
|
7.5 |
HIGH
Network
|
dell
|
insightiq
|
Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to in…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-28972
|
2024-08-24 01:59 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315860
|
7.8 |
HIGH
Local
|
autodesk
|
revit
|
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the curren…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-37008
|
2024-08-24 01:57 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
