3.1

CVSS3.1

CVE-2024-28191 - Contao may have unencoded insert tags in the frontend

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workar…

📅 Published: April 9, 2024, 1:54 p.m. 🔄 Last Modified: Jan. 17, 2025, 3:39 p.m.

5.4

CVSS3.1

CVE-2024-28190 - Contao core bundle vulnerable to cross site scripting in the file manager

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an…

📅 Published: April 9, 2024, 1:48 p.m. 🔄 Last Modified: Jan. 16, 2025, 7:54 p.m.

9.1

CVSS3.1

CVE-2023-6320 - Command injection in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerab…

📅 Published: April 9, 2024, 1:43 p.m. 🔄 Last Modified: Feb. 7, 2025, 6:15 p.m.

9.1

CVSS3.1

CVE-2023-6319 - Command injection in the getAudioMetadata method from the com.webos.service.attachedstoragemanager …

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigg…

📅 Published: April 9, 2024, 1:42 p.m. 🔄 Last Modified: Feb. 7, 2025, 6:20 p.m.

9.1

CVSS3.1

CVE-2023-6318 - Command injection in the processAnalyticsReport method from the com.webos.service.cloudupload servi…

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger th…

📅 Published: April 9, 2024, 1:41 p.m. 🔄 Last Modified: Feb. 7, 2025, 6:33 p.m.

7.2

CVSS3.1

CVE-2023-6317 - PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user in…

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.  Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 …

📅 Published: April 9, 2024, 1:41 p.m. 🔄 Last Modified: Feb. 7, 2025, 6:39 p.m.

8.1

CVSS3.1

CVE-2024-2224 - Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466)

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component…

📅 Published: April 9, 2024, 1:01 p.m. 🔄 Last Modified: Feb. 7, 2025, 6:53 p.m.

8.1

CVSS3.1

CVE-2024-2223 - Incorrect Regular Expression in GravityZone Update Server (VA-11465)

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:  Bitdefender Endpoint Security for Linux vers…

📅 Published: April 9, 2024, 1:01 p.m. 🔄 Last Modified: Feb. 7, 2025, 7 p.m.

0.0

CVE-2024-3510 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: April 9, 2024, 12:02 p.m. 🔄 Last Modified: July 5, 2025, 11:15 p.m.

6.2

CVSS3.1

CVE-2024-2905 - Rpm-ostree: world-readable /etc/shadow file

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data…

📅 Published: April 9, 2024, 11 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10387 of 34,919
« previous page » next page
Filters