4.4

CVSS3.1

CVE-2024-41951 - PheonixAppAPI has visible Encoding Maps

Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages is visible in code. The problem was patched in 0.2.4.

📅 Published: July 31, 2024, 7:24 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-41954 - FOG Weak file permissions

FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts…

📅 Published: July 31, 2024, 7:23 p.m. 🔄 Last Modified: Sept. 5, 2024, 4:18 p.m.

5.2

CVSS3.1

CVE-2024-41955 - Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exists in the MobSF authentication view. Update to MobSF v4.0.5.

📅 Published: July 31, 2024, 7:21 p.m. 🔄 Last Modified: Aug. 15, 2024, 2:10 p.m.

7.5

CVSS3.1

CVE-2024-41108 - FOG Sensitive Information Disclosure

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's MAC address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwi…

📅 Published: July 31, 2024, 7:04 p.m. 🔄 Last Modified: Sept. 5, 2024, 4:27 p.m.

8.8

CVSS3.1

CVE-2024-40645 - FOG Authenticated File Upload RCE

FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pix…

📅 Published: July 31, 2024, 6:57 p.m. 🔄 Last Modified: Sept. 5, 2024, 5:09 p.m.

8.5

CVSS4.0

CVE-2024-7324 - IObit iTop Data Recovery Pro BPL madbasic_.bpl uncontrolled search path

A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontrolled search path. Local access is required t…

📅 Published: July 31, 2024, 5:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.9

CVSS3.1

CVE-2024-23444 - Elasticsearch elasticsearch-certutil csr fails to encrypt private key

It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invo…

📅 Published: July 31, 2024, 5:26 p.m. 🔄 Last Modified: April 4, 2025, 11:15 p.m.

5.6

CVSS3.1

CVE-2024-6978 - Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users

Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users. This issue affects SDP Client: before 5.10.28.

📅 Published: July 31, 2024, 4:56 p.m. 🔄 Last Modified: Aug. 27, 2024, 4:17 p.m.

6.5

CVSS3.1

CVE-2024-6977 - Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on the attacker's system. This issue affects SDP Client: b…

📅 Published: July 31, 2024, 4:56 p.m. 🔄 Last Modified: Aug. 27, 2024, 3:41 p.m.

8.8

CVSS3.1

CVE-2024-6975 - Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file

Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34.

📅 Published: July 31, 2024, 4:55 p.m. 🔄 Last Modified: Aug. 27, 2024, 3:40 p.m.