5.3
CVE-2024-53253 - Sentry's improper error handling leaks Application Integration Client Secret
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID…
5.5
CVE-2024-52998 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vic…
6.9
CVE-2024-11618 - IPC Unigy Management System HTTP Request server-side request forgery
A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit…
0.0
CVE-2024-11637 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
2.8
CVE-2024-52814 - Helm Lacks Granularity in Workflow Role
Argo Helm is a collection of community maintained charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role` lacks granularity in its privileges, giving permissions to `workflowtasksets` and `workflowartifactgctasks` to all workflow Pods, when only certain types of Pods…
7.5
CVE-2024-52804 - Tornado has HTTP cookie parsing DoS vulnerability
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the …
7.5
CVE-2024-52802 - RIOT-OS missing dhcpv6_opt_t minimum header length check
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead t…
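The check the advisory says is missing, shown as an added example that is not RIOT's code: a DHCPv6 option walker that refuses to read an option header unless a full `dhcpv6_opt_t` (4 bytes per RFC 8415) fits after the `dhcpv6_msg_t` header, and refuses to skip an option body that runs past the buffer. The struct names mirror RIOT's but the layout and the function `dhcpv6_count_options` are assumptions for this example; the sample packets are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* RFC 8415 wire layout. Assumption: these mirror RIOT's dhcpv6_msg_t and
 * dhcpv6_opt_t names, but they are defined here for the example only. */
typedef struct __attribute__((packed)) {
    uint8_t type;      /* e.g. 2 = ADVERTISE */
    uint8_t tid[3];    /* transaction id */
} dhcpv6_msg_t;

typedef struct __attribute__((packed)) {
    uint16_t code;     /* option code, network byte order */
    uint16_t len;      /* option-data length, network byte order */
} dhcpv6_opt_t;

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Walk the option list of a DHCPv6 message.
 * Returns the number of well-formed options, or -1 if the message is
 * malformed: message header truncated, option header truncated (the case
 * the advisory describes), or an option length that overruns the buffer. */
int dhcpv6_count_options(const uint8_t *buf, size_t len)
{
    if (len < sizeof(dhcpv6_msg_t)) {
        return -1;                         /* no room for the message header */
    }
    size_t off = sizeof(dhcpv6_msg_t);
    int count = 0;

    while (off < len) {
        /* Minimum header length check: without this, a message with 1..3
         * trailing bytes makes the parser read opt->len past the buffer. */
        if (len - off < sizeof(dhcpv6_opt_t)) {
            return -1;
        }
        uint16_t olen = be16(buf + off + 2);
        off += sizeof(dhcpv6_opt_t);

        /* The option body must also fit; an attacker-controlled len of
         * 0xffff would otherwise walk the cursor off the end. */
        if (olen > len - off) {
            return -1;
        }
        off += olen;
        count++;
    }
    return count;
}

/* Constructed sample messages (ADVERTISE, tid 00 00 01). */
static const uint8_t adv_ok[]        = {2,0,0,1, 0,1,0,2, 0xaa,0xbb}; /* one CLIENTID option */
static const uint8_t adv_short_hdr[] = {2,0,0,1, 0,1};                /* 2 bytes of option header */
static const uint8_t adv_bad_len[]   = {2,0,0,1, 0,1,0,0xff};         /* len says 255, 0 present */
static const uint8_t adv_no_opts[]   = {2,0,0,1};

int main(void)
{
    printf("ok:        %d\n", dhcpv6_count_options(adv_ok, sizeof adv_ok));
    printf("short hdr: %d\n", dhcpv6_count_options(adv_short_hdr, sizeof adv_short_hdr));
    printf("bad len:   %d\n", dhcpv6_count_options(adv_bad_len, sizeof adv_bad_len));
    printf("no opts:   %d\n", dhcpv6_count_options(adv_no_opts, sizeof adv_no_opts));
    return 0;
}
```

Note that both checks use `len - off`, which can never underflow because the loop condition guarantees `off < len`; writing them as `off + sizeof(dhcpv6_opt_t) <= len` would be correct too, but the subtraction form cannot wrap if `off` is ever a `uint16_t` derived from attacker data.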
5.1
CVE-2024-52793 - XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems
The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file n…
5.1
CVE-2024-10863 - Client-side audit exclusion vulnerability
Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation. This issue affects Secure Content Manager: from 10.1 before 24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.
8.8
CVE-2021-38116 - Possible Command injection Vulnerability in OpenText iManager
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5