|
313511
|
- |
|
-
|
-
|
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. Th…
|
-
|
CVE-2024-43093
|
2024-11-14 11:00 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313512
|
7.8 |
HIGH
Local
|
artifex
|
ghostscript
|
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
|
CWE-22
Path Traversal
|
CVE-2024-46954
|
2024-11-14 10:58 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313513
|
5.5 |
MEDIUM
Local
|
artifex
debian
suse
|
ghostscript
debian_linux
linux_enterprise_high_performance_computing
linux_enterprise_server
linux_enterprise_server_for_sap
|
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
|
CWE-125
Out-of-bounds Read
|
CVE-2024-46955
|
2024-11-14 10:53 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313514
|
6.1 |
MEDIUM
Network
|
microsoft
|
nugetgallery
|
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HT…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47604
|
2024-11-14 08:17 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313515
|
7.5 |
HIGH
Network
|
siemens
|
simatic_cp_1543-1_firmware
|
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unau…
|
CWE-863
Incorrect Authorization
|
CVE-2024-50310
|
2024-11-14 08:15 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313516
|
7.3 |
HIGH
Local
|
siemens
|
solid_edge_se2024
|
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-47942
|
2024-11-14 08:15 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313517
|
7.8 |
HIGH
Local
|
siemens
|
solid_edge_se2024
|
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-47941
|
2024-11-14 08:15 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313518
|
7.8 |
HIGH
Local
|
siemens
|
solid_edge_se2024
|
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-47940
|
2024-11-14 08:14 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313519
|
6.5 |
MEDIUM
Local
|
siemens
|
sinec_nms
|
A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-47808
|
2024-11-14 08:14 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313520
|
7.8 |
HIGH
Local
|
siemens
|
siport
|
A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders.
This could allow a local attacker with …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-47783
|
2024-11-14 08:13 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
