6.3
CVE-2024-38522 - CSP bypass in Hush Line
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
7.1
CVE-2024-6403 - Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow
A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remote…
7.1
CVE-2024-6402 - Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow
A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. …
6.2
CVE-2024-35139 - IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
8.8
CVE-2024-38521 - Persistent Cross-Site Scripting (XSS) in hushline inbox
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.
6.2
CVE-2024-35137 - IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
3.6
CVE-2024-38531 - Nix sandbox escape
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume…
9.8
CVE-2024-3816 - SQLi in S@M CMS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
6.1
CVE-2024-3801 - XSS in S@M CMS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
6.1
CVE-2024-3800 - XSS in S@M CMS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.