7.1
CVE-2024-37966 - Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
8.8
CVE-2024-37338 - Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
6.1
CVE-2024-45595 - D-Tale allows Remote Code Execution through the Query input on Chart Builder
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default.
8.2
CVE-2024-45592 - auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
auditor-bundle, formerly known as DoctrineAuditBundle, integrates the auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling JavaScript injection. This is possible because `%source_label%` in the Twig macro is not escaped. Therefore script …
5.3
CVE-2024-45591 - XWiki Platform document history including authors of any page exposed to unauthorized actors
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username a…
7.5
CVE-2024-45590 - body-parser vulnerable to denial of service when url encoding is enabled
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1…
9.1
CVE-2024-45593 - Nix affected by unsafe NAR unpacking
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissio…
7.5
CVE-2023-6841 - Keycloak: amount of attributes per object is not limited and it may lead to dos
A denial of service vulnerability was found in Keycloak where the number of attributes per object is not limited. An attacker sending repeated HTTP requests could cause resource exhaustion when the application sends back rows with long attribute values.
5.3
CVE-2024-45412 - Yeti affected by a Potential Denial of Service due to the One Million Unicode characters attack
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial of …
6.5
CVE-2024-45407 - Sunshine has incorrect state management during pairing process may lead to incorrectly authorized c…
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertently allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but…