6.5
CVE-2024-7137 - Denial of Service in Silicon Labs RS9116 Bluetooth SDK
The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device.
5.3
CVE-2024-49765 - Bypass of Discourse Connect using other login paths if enabled in Discourse
Discourse is an open source platform for community discussion. Sites that are using Discourse Connect but still have local logins enabled could allow attackers to bypass Discourse Connect to create accounts and log in. This problem is patched in the latest version of Discourse. Users unable to upgra…
2.2
CVE-2024-52589 - Moderators can view Screened emails even when the "moderators view emails" option is disabled in Di…
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from un…
6.8
CVE-2024-52794 - Magnific lightbox susceptible to Cross-site Scripting in Discourse
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
7.5
CVE-2024-53991 - Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore`, which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick…
7.8
CVE-2024-56159 - Server source code is exposed to the public if sourcemaps are enabled
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as CSS and font files, the sourcemap files **for the server code** are moved to a publicly-accessible…
8.6
CVE-2024-56200 - Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy
Altair is a fork of Misskey v12. In affected versions, a lack of request validation and a lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that affect availability, such as abnormally increasing the CPU usage of the server on which this softwa…
8.7
CVE-2024-54150 - Algorithm Confusion Vulnerability in cjwt
cjwt is a C JSON Web Token (JWT) implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC-signed token and an RS/EC/PS …
5.7
CVE-2020-6923 - HP Linux Imaging and Printing Software - Potential Memory Buffer Overflow
The HP Linux Imaging and Printing (HPLIP) software may be affected by a memory buffer overflow.
5.3
CVE-2024-12794 - Codezips E-Commerce Site editorder.php SQL injection
A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to SQL injection. It is possible to initiate the attack remotely. The exploit ha…