4.5
CVE-2024-43371 - Potential access to sensitive URLs via CKAN extensions (SSRF)
CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their c…
6.8
CVE-2024-41675 - CKAN has a Cross-site Scripting vector in the Datatables view plugin
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin…
5.3
CVE-2024-41674 - CKAN may leak Solr credentials via error message in package_search action
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched…
9.8
CVE-2024-28000 - WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
8.2
CVE-2020-11847 - Vulnerability in sshrelay in privileged access manager provides full system access.
An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
8.7
CVE-2020-11846 - Improper handling of token allows access to restricted resource in Privileged Access Manager
A vulnerability was found in OpenText Privileged Access Manager that issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
7.3
CVE-2020-11850 - Cross site scripting vulnerability in Self Service Password Reset
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6.
7.8
CVE-2024-37008 - Stack-based Overflow Vulnerability in Revit Software
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
7
CVE-2023-22576 -
Dell Repository Manager versions 3.4.2 and earlier contain a Local Privilege Escalation Vulnerability in the Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges usin…
7.5
CVE-2023-49198 - Apache SeaTunnel Web: Arbitrary file read vulnerability
MySQL security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. User…