2.1
CVE-2024-7867 - Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
6.9
CVE-2024-7838 - itsourcecode Online Food Ordering System addcategory.php sql injection
A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploi…
2.1
CVE-2024-7866 - Stack overflow in Xpdf 4.05 due to object loop in PDF pattern
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
0.0
CVE-2024-7865 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason: This candidate is a reservation duplicate of CVE-2023-2414. Notes: All CVE users should reference CVE-2023-2414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent…
6.5
CVE-2024-42476 - oauth CSRF vulnerability
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. W…
6.5
CVE-2024-42475 - OAuth library for nim allows insecure generation of state values by generateState - entropy too low…
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected r…
8.6
CVE-2024-43357 - JavaScript specification issue may lead to type confusion and pointer dereference in implementations
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type conf…
5.4
CVE-2024-25633 - In eLabFTW, if administrators can create users, users can too
eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in version 4.4.0 and prior to version 5.0.0 that allows regular users to create new, validated accounts in…
5.9
CVE-2024-31905 - IBM QRadar Network Packet Capture information disclosure
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
6.5
CVE-2024-40705 - IBM InfoSphere Information Server denial of service
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.