4.3
CVE-2024-8538 - Big File Uploads <= 2.1.2 - Authenticated (Author+) Full Path Disclosure
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due to the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with author-lev…
6.9
CVE-2024-8521 - Wavelog Live QSO qso index cross site scripting
A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has bee…
8.8
CVE-2024-45034 - Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes
Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later,…
8.8
CVE-2024-45498 - Apache Airflow: Command Injection in an example DAG
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the…
7.5
CVE-2024-34158 - Stack exhaustion in Parse in go/build/constraint
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
7.5
CVE-2024-34156 - Stack exhaustion in Decoder.Decode in encoding/gob
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
4.3
CVE-2024-34155 - Stack exhaustion in all Parse functions in go/parser
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
0.0
CVE-2024-8545 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.5
CVE-2024-7652 - Type Confusion in Async Generators in Javascript Engine
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
7
CVE-2024-38640 - Download Station
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21…