7.5
CVE-2024-41108 - FOG Sensitive Information Disclosure
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's MAC address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwi…
8.8
CVE-2024-40645 - FOG Authenticated File Upload RCE
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pix…
8.5
CVE-2024-7324 - IObit iTop Data Recovery Pro BPL madbasic_.bpl uncontrolled search path
A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontrolled search path. Local access is required t…
4.9
CVE-2024-23444 - Elasticsearch elasticsearch-certutil csr fails to encrypt private key
It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invo…
5.6
CVE-2024-6978 - Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users. This issue affects SDP Client: before 5.10.28.
6.5
CVE-2024-6977 - Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on the attacker's system. This issue affects SDP Client: b…
8.8
CVE-2024-6975 - Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34.
8.8
CVE-2024-6974 - Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade. This issue affects SDP Client: before 5.10.34.
7.5
CVE-2024-6973 - Remote Code Execution in Cato Windows SDP client via crafted URLs
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.
4.3
CVE-2024-41953 - Zitadel improperly sanitizes HTML in emails and Console UI
Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may pot…