8.8
CVE-2024-52596 - SimpleSAMLphp xml-common XXE vulnerability
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.
8.3
CVE-2024-52806 - SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.
6.5
CVE-2024-53259 - quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceedโฆ
6.3
CVE-2024-53862 - Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` or when using `--aโฆ
7.5
CVE-2024-53981 - python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excโฆ
4.3
CVE-2024-53984 - Nanopb does not release memory on error return when using PB_DECODE_DELIMITED
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PBโฆ
10
CVE-2024-10905 - IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versionsย allow HTTP/HTTPS access toย static content in the IdentityIQ application directory that should be protected.
9.8
CVE-2024-8785 - WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2024.0.1, aย remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
9.8
CVE-2024-46909 - WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2024.0.1, aย remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
8.8
CVE-2024-46905 - WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.