5.8
CVE-2024-29030 - memos vulnerable to an SSRF in /api/resource
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.
9.1
CVE-2024-32644 - Evmos' transaction execution not accounting for all state transition after interaction with precompโฆ
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit isโฆ
6.9
CVE-2024-32478 - Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files
Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.
9.8
CVE-2024-32038 - Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manaโฆ
8.8
CVE-2023-50260 - Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the actโฆ
8
CVE-2024-3684 - Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escโฆ
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability requirโฆ
6.5
CVE-2023-49275 - Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with thโฆ
8
CVE-2024-3646 - Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege eโฆ
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterpโฆ
5.9
CVE-2024-3470 - Repository administrator can bypass organization's ruleset using deploy keys
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as wellโฆ
7.8
CVE-2023-37400 - IBM Aspera Faspex privilege escalation
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.