8.7

CVSS4.0

CVE-2024-47824 - Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to…

matrix-react-sdk is a React-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room,…

📅 Published: Oct. 15, 2024, 3:40 p.m. 🔄 Last Modified: Nov. 21, 2024, 5:15 p.m.

3.7

CVSS3.1

CVE-2024-9506 - Regular Expression Denial of Service (ReDoS)

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

📅 Published: Oct. 15, 2024, 3:40 p.m. 🔄 Last Modified: Oct. 16, 2024, 4:38 p.m.

7

CVSS4.0

CVE-2024-47779 - Element Web vulnerable to potential exposure of access token via authenticated media

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involv…

📅 Published: Oct. 15, 2024, 3:28 p.m. 🔄 Last Modified: Nov. 12, 2024, 5:15 p.m.

7

CVSS4.0

CVE-2024-47771 - Element Desktop vulnerable to potential exposure of access token via authenticated media

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving…

📅 Published: Oct. 15, 2024, 3:02 p.m. 🔄 Last Modified: Oct. 16, 2024, 4:38 p.m.

6.5

CVSS3.1

CVE-2024-9676 - Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause…

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--…

📅 Published: Oct. 15, 2024, 3 p.m. 🔄 Last Modified: March 26, 2026, 12:42 p.m.

8.7

CVSS4.0

CVE-2024-47080 - matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeser…

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used …

📅 Published: Oct. 15, 2024, 2:53 p.m. 🔄 Last Modified: Oct. 16, 2024, 4:38 p.m.

0.0

CVE-2024-9998 -

The vulnerability has no impact, so it has been deprecated.

📅 Published: Oct. 15, 2024, 2:01 p.m. 🔄 Last Modified: Nov. 12, 2024, 11:15 a.m.

6.9

CVSS4.0

CVE-2024-9986 - code-projects Blood Bank Management System member_register.php sql injection

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads to sql injection. The attack may be initiat…

📅 Published: Oct. 15, 2024, 1 p.m. 🔄 Last Modified: Oct. 23, 2025, 8:06 p.m.

5.1

CVSS4.0

CVE-2024-9977 - MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command inject…

📅 Published: Oct. 15, 2024, 12:31 p.m. 🔄 Last Modified: Oct. 16, 2024, 4:38 p.m.

5.3

CVSS4.0

CVE-2024-9976 - code-projects Pharmacy Management System manage_customer.php sql injection

A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The e…

📅 Published: Oct. 15, 2024, 11 a.m. 🔄 Last Modified: Oct. 16, 2024, 1:42 p.m.