6.1
CVE-2024-52318 - Apache Tomcat: Incorrect JSP tag recycling leads to XSS
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
4.8
CVE-2024-11319 - Stored XSS in Open Source Project "django-cms"
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.
6.5
CVE-2024-52317 - Apache Tomcat: Request/response mix-up with HTTP/2
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat.Β Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.β¦
9.8
CVE-2024-52316 - Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)Β ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the auβ¦
4.3
CVE-2024-48901 - Moodle: idor when fetching report schedules
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.
6.5
CVE-2024-48898 - Moodle: some users can delete audiences of other reports
A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.
6.5
CVE-2024-48897 - Moodle: idor in edit/delete rss feed
A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.
4.3
CVE-2024-48896 - Moodle: users' names returned in messaging error message
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.
5.2
CVE-2024-11023 - Session Hijacking in Firebase JavaScript SDK
Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to thβ¦
4
CVE-2024-42392 - Improper Neutralization of Delimiters in Mongoose Web Server library
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.