6
CVE-2024-12539 - Elasticsearch Incorrect Authorization
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.
4.6
CVE-2024-11993 -
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field
6.9
CVE-2024-56139 - A stack overflow Segmentation Fault (SEGV) and Memory Leak in pdftools
pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems.
7.5
CVE-2024-51479 - Authorization bypass in Next.js
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For examβ¦
4.9
CVE-2024-49816 - IBM Security Guardium Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Β stores potentially sensitive information in log files that could be read by a local privileged user.
3.7
CVE-2024-49820 - IBM Security Guardium Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Β could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in β¦
4.1
CVE-2024-49819 - IBM Security Guardium Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Β could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
4.3
CVE-2024-49818 - IBM Security Guardium Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
4.4
CVE-2024-49817 - IBM Security Guardium Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
3.1
CVE-2024-42194 - HCL BigFix Inventory is affected by an access control vulnerability
An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.