6.6
CVE-2024-47889 - Action Mailer has possible ReDoS vulnerability in block_format
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to tβ¦
6.6
CVE-2024-47888 - Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cause the `plain_text_β¦
6.6
CVE-2024-47887 - Action Controller has possible ReDoS vulnerability in HTTP Token authentication
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authentication β¦
6.6
CVE-2024-41128 - Action Dispatch has possible ReDoS vulnerability in query parameter filtering
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters caβ¦
8.6
CVE-2024-38190 - Power Platform Information Disclosure Vulnerability
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
7.5
CVE-2024-38204 - Imagine Cup site Information Disclosure Vulnerability
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
8.7
CVE-2024-38139 - Microsoft Dataverse Elevation of Privilege Vulnerability
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
9.1
CVE-2024-10004 -
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.
5.9
CVE-2024-45085 - IBM WebSphere Application Server denial of service
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.
6.3
CVE-2024-9594 - VM images built with Image Builder with some providers use default credentials during builds
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build processΒ when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusioβ¦