5.3
CVE-2024-51493 - API key access in settings without reauthentication in OctoPrint
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's…
4.3
CVE-2024-51740 - SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop
Combodo iTop is a simple, web-based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low-privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versi…
7.5
CVE-2024-51739 - Users enumeration allowed through Rest API in Combodo iTop
Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account. As a fix, the sentence displayed after resetting a password no longer reveals whether the user exists or not. This fix is included in ver…
7.8
CVE-2024-50124 - Bluetooth: ISO: Fix UAF on iso_sock_timeout
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout. conn->sk may have been unlinked/freed while waiting for iso_conn_lock, so this checks if the conn->sk is still valid by checking if it is part of iso_sk_list.
5.5
CVE-2024-50118 - btrfs: reject ro->rw reconfiguration if there are hard ro requirements
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space tree BTRFS info (device loop0 state MCS): clearing co…
7.8
CVE-2024-49522 - Substance3D - Painter | Out-of-bounds Write (CWE-787)
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.5
CVE-2024-9579 - Certain Poly Video Conference Devices – Potential Remote Code Execution
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
4.2
CVE-2023-29126 - Insecure loose comparison in Enel X JuiceBox
The Waybox Enel X web management application contains a PHP type-juggling vulnerability that may allow a brute-force process and, under certain conditions, bypass authentication.
9
CVE-2023-29125 - Heap overflow in CM_main.exe binary in Enel X JuiceBox
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
6.7
CVE-2023-29122 - Incorrect file ownership of privileged service's libraries in Enel X JuiceBox
Under certain conditions, access to service libraries is granted to accounts that should not have access to them.