4.4
CVE-2024-47967 -
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
6.5
CVE-2024-47772 - Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discour…
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discours…
4.4
CVE-2024-47974 -
Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service.
7.3
CVE-2024-47610 - Stored Cross-site Scripting Vulnerability in Markdown Editor
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store JavaScript in markdown notes fields, which are then displayed to other logged-in users who visit the same page and executed. The vulnerability has been addressed …
5.1
CVE-2024-47973 -
In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker.
7.2
CVE-2024-43363 - Remote code execution via Log Poisoning in Cacti
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to…
5.7
CVE-2024-43365 - Stored Cross-site Scripting (XSS) when creating external links in Cacti
Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said `consolenewsection` parameter is stored in the database and reflected back to the user in `index.php`, finally leading…
5.7
CVE-2024-43364 - Stored Cross-site Scripting (XSS) when creating external links in Cacti
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said `title` parameter is stored in the database and reflected back to the user in `index.php`, finally leading to stored XSS. Users wit…
7.3
CVE-2024-43362 - Stored Cross-site Scripting (XSS) when creating external links in Cacti
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said `fileurl` is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally lead…
7.5
CVE-2024-43789 - Denial of service by the absence of restrictions on replies to posts in Discourse
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users ar…