7.1
CVE-2024-55546 - Stored Cross-Site Scripting
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
7.1
CVE-2024-55545 - Reflected Cross-Site Scripting
Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
8.7
CVE-2024-55544 - Authenticated Command Injection
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.
8.4
CVE-2024-10496 - Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Qβ¦
8.4
CVE-2024-10495 - Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects Laβ¦
8.4
CVE-2024-10494 - Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW
An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and priβ¦
9.3
CVE-2024-54152 - Angular Expressions - Remote Code Execution when using locals
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full accessβ¦
6.8
CVE-2024-12236 - Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further β¦
6.1
CVE-2024-12323 - turboSMTP <= 4.6 - Reflected Cross-Site Scripting via 'page'
The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βpageβ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pβ¦
9.8
CVE-2024-5660 -
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass oβ¦