4.6

CVSS3.1

CVE-2024-43412 - Xibo CMS XSS vulnerability when previewing files uploaded to the library containing HTML/JS

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib…

📅 Published: Sept. 3, 2024, 4:52 p.m. 🔄 Last Modified: Sept. 12, 2024, 8:20 p.m.

7.5

CVSS3.1

CVE-2024-6119 - Possible denial of service in X.509 name checks

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of…

📅 Published: Sept. 3, 2024, 3:58 p.m. 🔄 Last Modified: June 3, 2025, 10:51 a.m.

7.2

CVSS3.1

CVE-2024-7346 - Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be…

📅 Published: Sept. 3, 2024, 2:51 p.m. 🔄 Last Modified: Sept. 5, 2024, 2:03 p.m.

8.3

CVSS3.1

CVE-2024-7345 - Direct local client connections to MS Agents can bypass authentication

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms

📅 Published: Sept. 3, 2024, 2:50 p.m. 🔄 Last Modified: Sept. 5, 2024, 2:11 p.m.

8.3

CVSS3.1

CVE-2024-7654 - Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery servi…

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other t…

📅 Published: Sept. 3, 2024, 2:48 p.m. 🔄 Last Modified: Sept. 5, 2024, 1:53 p.m.

6.9

CVSS4.0

CVE-2024-4259 - Sensitive Data Exposure in SAMPAS's AKOS

Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.

📅 Published: Sept. 3, 2024, 1:15 p.m. 🔄 Last Modified: Feb. 11, 2026, 7:15 a.m.

9.8

CVSS3.1

CVE-2024-8389 - mozilla: Memory safety bugs fixed in Firefox 130

Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.

📅 Published: Sept. 3, 2024, 12:32 p.m. 🔄 Last Modified: Sept. 6, 2024, 6:31 p.m.

4.3

CVSS3.1

CVE-2024-8388 -

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the us…

📅 Published: Sept. 3, 2024, 12:32 p.m. 🔄 Last Modified: Oct. 30, 2024, 5:35 p.m.

9.8

CVSS3.1

CVE-2024-8387 - mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < …

📅 Published: Sept. 3, 2024, 12:32 p.m. 🔄 Last Modified: Sept. 6, 2024, 6:31 p.m.

6.1

CVSS3.1

CVE-2024-8386 - mozilla: SelectElements could be shown over another site if popups are allowed

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

📅 Published: Sept. 3, 2024, 12:32 p.m. 🔄 Last Modified: Nov. 21, 2024, 3:06 p.m.