7
CVE-2024-49504 - grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
4.6
CVE-2024-9477 - XSS in AirTies' Air4443 Firmware
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS). This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classif…
4.3
CVE-2024-48900 - Moodle: IDOR when accessing list of badge recipients
A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
5.3
CVE-2024-49505 - XSS vulnerability found in OpenSuse MirrorCache
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083.
5.7
CVE-2024-11165 -
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. The leakage occurs during …
7.3
CVE-2024-49506 - Fixed temporary file path in aeon-checks allows fixing of disk encryption key
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem.
5.3
CVE-2024-11159 - thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
7.5
CVE-2024-48989 -
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.
8.5
CVE-2022-45157 - Exposure of vSphere's CPI and CSI credentials in Rancher
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext…
0.0
CVE-2024-11177 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.