4.3
CVE-2024-53984 - Nanopb does not release memory on error return when using PB_DECODE_DELIMITED
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, a custom stream callback is used with unknown stream length, and the pb_decode_ex() function is used with flag PB…
10
CVE-2024-10905 - IdentityIQ Improper Access Control Vulnerability
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.
9.8
CVE-2024-8785 - WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
9.8
CVE-2024-46909 - WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
8.8
CVE-2024-46905 - WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.
8.8
CVE-2024-46906 - WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
8.8
CVE-2024-46907 - WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
8.8
CVE-2024-46908 - WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
4.8
CVE-2024-38827 - Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
5.9
CVE-2024-51900 - WordPress What Would Seth Godin Do plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Hunt What Would Seth Godin Do what-would-seth-godin-do allows Stored XSS. This issue affects What Would Seth Godin Do: from n/a through <= 2.1.1.