5.6
CVE-2024-6978 - Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users. This issue affects SDP Client: before 5.10.28.
6.5
CVE-2024-6977 - Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on the attacker's system. This issue affects SDP Client: b…
8.8
CVE-2024-6975 - Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34.
8.8
CVE-2024-6974 - Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade. This issue affects SDP Client: before 5.10.34.
7.5
CVE-2024-6973 - Remote Code Execution in Cato Windows SDP client via crafted URLs
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.
4.3
CVE-2024-41953 - Zitadel improperly sanitizes HTML in emails and Console UI
Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may pot…
5.3
CVE-2024-41952 - Zitadel has an "Ignoring unknown usernames" vulnerability
Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "User…
7.5
CVE-2024-41950 - Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 …
4.7
CVE-2024-39694 - Duende IdentityServer Open Redirect vulnerability
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to …
5.4
CVE-2024-39318 - Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the…