6.5
CVE-2024-21424 - Azure Compute Gallery Elevation of Privilege Vulnerability
Azure Compute Gallery Elevation of Privilege Vulnerability
7.1
CVE-2024-20689 - Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
7.1
CVE-2024-20688 - Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
6.7
CVE-2024-20669 - Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
10
CVE-2024-24576 - Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the argumenβ¦
4.3
CVE-2024-31455 - Minder GetRepositoryByName data leak
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would β¦
8.1
CVE-2024-29905 - DIRAC: Unauthorized users can read proxy contents during generation
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to thenβ¦
5.9
CVE-2024-30262 - Contao's remember-me tokens will not be cleared after a password change
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me tokeβ¦
6.5
CVE-2024-31867 - Apache Zeppelin: LDAP search filter query Injection Vulnerability
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixesβ¦
6.1
CVE-2024-31868 - Apache Zeppelin: XSS vulnerability in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.