6.3
CVE-2024-29510 - ghostscript: format string injection leads to shell command execution (SAFER bypass)
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
6.6
CVE-2024-5042 - Submariner-operator: RBAC permissions can allow for the spread of node compromises
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
5.3
CVE-2024-33869 - ghostscript: path traversal and command execution due to path reduction
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
5.3
CVE-2024-35176 - REXML contains a denial of service vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix thi…
5.3
CVE-2024-4919 - Campcodes Online Examination System addCourseExe.php SQL injection
A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to SQL injection. The attack can be initiated remo…
5.3
CVE-2024-4918 - Campcodes Online Examination System updateQuestion.php SQL injection
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. This affects an unknown part of the file updateQuestion.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been dis…
5.3
CVE-2024-4917 - Campcodes Online Examination System submitAnswerExe.php SQL injection
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to SQL injection. The attack may be launched remotely. The exploit h…
5.3
CVE-2024-4916 - Campcodes Online Examination System selExamAttemptExe.php SQL injection
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The manipulation of the argument thisId leads to SQL injection. The attack can be launched remotely. Th…
5.3
CVE-2024-4915 - Campcodes Online Examination System result.php SQL injection
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file result.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed t…
5.3
CVE-2024-4914 - Campcodes Online Examination System ranking-exam.php SQL injection
A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. This issue affects some unknown processing of the file ranking-exam.php. The manipulation of the argument exam_id leads to SQL injection. The attack may be initiated remotely. The exploit h…