3.8
CVE-2024-41960 - Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scripts…
7.6
CVE-2024-41959 - Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of the …
6.6
CVE-2024-41958 - Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi…
3
CVE-2024-42350 - Public key confusion in third party block in Biscuit
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be…
9.3
CVE-2024-6915 - JFrog Artifactory Cache Poisoning
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.
7.3
CVE-2024-6361 - Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product.
An Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all versions prior to version 23.4. The vulnerability could cause a remote code execution attack.
8.4
CVE-2024-33034 - Use After Free in Graphics Linux
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
8.4
CVE-2024-33028 - Use After Free in Automotive Telematics
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
8.4
CVE-2024-33027 - Improper Access Control in Graphics Linux
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
7.5
CVE-2024-33026 - Buffer Over-read in WLAN Host
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.