6.8
CVE-2024-45102 -
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.
4.7
CVE-2024-10254 -
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
4.7
CVE-2024-10253 -
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
4.8
CVE-2024-55892 - Potential Open Redirect via Parsing Differences in TYPO3
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing tโฆ
4.3
CVE-2024-55893 - TYPO3 Cross-Site Request Forgery in Log Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaโฆ
4.3
CVE-2024-55894 - TYPO3 Cross-Site Request Forgery in Backend User Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaโฆ
4.3
CVE-2024-55920 - Cross-Site Request Forgery in Dashboard Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaโฆ
7.5
CVE-2024-55921 - Cross-Site Request Forgery in Extension Manager Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaโฆ
8.5
CVE-2024-53263 - Git LFS permits exfiltration of credentials via crafted HTTP URLs
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back โฆ
5.4
CVE-2024-55922 - Cross-Site Request Forgery in Form Framework Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaโฆ