9.3
CVE-2024-4332 - Improper Authentication in Tripwire Enterprise 9.1.0 APIs
An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerabβ¦
6.1
CVE-2024-36674 -
LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.
8.2
CVE-2024-32983 - Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities
Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the authors β¦
7.5
CVE-2024-36128 - Directus is soft-locked by providing a string value to random string util
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of serviβ¦
7.5
CVE-2024-36127 - apko Exposure of HTTP basic auth credentials in log output
apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.
5.3
CVE-2024-36124 - iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash
iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar securiβ¦
6.5
CVE-2024-36123 - Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterfaceβ¦
9.4
CVE-2024-0336 - Improper Access Control in EMTA Grups PDKS
Missing Authentication for Critical Function vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDKS: from V3.04 before 20240603.Β NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
8.1
CVE-2024-36728 -
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.
6.3
CVE-2024-36729 -
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key.