7.7
CVE-2024-31457 - gin-vue-admin background arbitrary code coverage vulnerability
gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Pluginβ¦
5.5
CVE-2024-25116 - Specially crafted CF.RESERVE command can lead to denial-of-service
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7β¦
7
CVE-2024-25115 - RedisBloom heap buffer overflow in CF.LOADCHUNK command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in Rβ¦
8.4
CVE-2024-22423 - yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variaβ¦
6.5
CVE-2024-31454 - PsiTransfer file integrity violation vulnerability
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerabβ¦
4.1
CVE-2024-27242 - Zoom Desktop Client for Linux - Cross Site Scripting
Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.
5.5
CVE-2024-27247 - Zoom Desktop Client for macOS - Improper Privilege Management
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.
5.9
CVE-2024-24694 - Zoom Desktop Client for Windows - Improper Privilege Management
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.
6.5
CVE-2024-31453 - PsiTransfer vulnerable to violation of the integrity of file distribution
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability alβ¦
8.8
CVE-2024-29993 - Azure CycleCloud Elevation of Privilege Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability