4.3
CVE-2024-11692 - firefox: thunderbird: Select list elements could be shown over another site
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
8.8
CVE-2024-11691 - firefox: thunderbird: Memory corruption in Apple GPU drivers
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox β¦
4.3
CVE-2024-9929 -
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.
5.3
CVE-2024-9928 -
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only β¦
7.8
CVE-2024-52336 - Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit aβ¦
5.5
CVE-2024-52337 - Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick theβ¦
6.5
CVE-2024-38834 - Stored cross-site scripting vulnerability (CVE-2024-38834)
VMware Aria Operations contains a stored cross-site scripting vulnerability.Β A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
6.8
CVE-2024-38833 - Stored cross-site scripting vulnerability (CVE-2024-38833)
VMware Aria Operations contains a stored cross-site scripting vulnerability.Β A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
7.1
CVE-2024-38832 - Stored cross-site scripting vulnerability (CVE-2024-38832)
VMware Aria Operations contains a stored cross-site scripting vulnerability.Β A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
7.8
CVE-2024-38831 - Local privilege escalation vulnerability (CVE-2024-38831)
VMware Aria Operations contains a local privilege escalation vulnerability.Β Β A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to Β a root user on the appliance running VMware Aria Operations.