6.9
CVE-2024-12231 - CodeZips Project Management System index.php sql injection
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed β¦
0.0
CVE-2024-51728 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2024. Notes: none.
5.9
CVE-2024-10716 -
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
7.5
CVE-2024-53856 - rPGP Panics on Malformed Untrusted Input
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.
7.5
CVE-2024-53857 - rPGP Potential Resource Exhaustion when handling Untrusted Messages
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.
4.6
CVE-2024-12247 - Improper propagation of permission scheme updates across cluster nodes
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated.
5.5
CVE-2024-54001 - Kanboard allows a persistent HTML injection site scripting in settings page date format
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflectβ¦
9.2
CVE-2024-54129 - Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7
The NASAβs Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (β¦
9.2
CVE-2024-54130 - Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (β¦
The NASAβs Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unrβ¦
0.0
CVE-2024-12246 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.