5.5
CVE-2022-40745 - IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.
3.6
CVE-2023-37397 - IBM Aspera Faspex data manipulation
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.
5
CVE-2024-29991 - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
6.5
CVE-2023-27279 - IBM Aspera Faspex denial of service
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
2.5
CVE-2023-37396 - IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
7.5
CVE-2024-32650 - Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper …
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an…
6.1
CVE-2024-29183 - OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login
OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary JavaScript with the permissions of a…
5.5
CVE-2023-22869 - IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.
6.1
CVE-2024-29029 - memos vulnerable to an SSRF in /o/get/image
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current s…
5.8
CVE-2024-29028 - memos vulnerable to an SSRF in /o/get/httpmeta
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1.