Vulnerabilities (CVE)

Total 295781 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-48234 2024-10-29 N/A 4.9 MEDIUM
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files.
CVE-2023-25189 2024-10-29 N/A 3.3 LOW
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH.
CVE-2023-20513 2024-10-29 N/A 3.3 LOW
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.
CVE-2024-49999 1 Linux 1 Linux Kernel 2024-10-29 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop having had a response from the server that we've discarded (e.g. it returned an abort or we started receiving data, but the call didn't complete). This means that op->server might be NULL, but we don't check that before attempting to set the server flag.
CVE-2024-49979 1 Linux 1 Linux Kernel 2024-10-29 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For TCP, this causes a NULL ptr deref in __tcpv4_gso_segment_list_csum at tcp_hdr(seg->next). Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Approach and description based on a patch by Willem de Bruijn.
CVE-2024-49978 1 Linux 1 Linux Kernel 2024-10-29 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment.
CVE-2024-20481 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense Software 2024-10-29 N/A 5.8 MEDIUM
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.
CVE-2024-41618 2024-10-29 N/A 9.8 CRITICAL
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated into an SQL query.
CVE-2024-41617 2024-10-29 N/A 9.8 CRITICAL
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.
CVE-2024-50575 1 Jetbrains 1 Youtrack 2024-10-29 N/A 6.1 MEDIUM
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
CVE-2024-10073 1 Informatik.hu-berlin 1 Flair 2024-10-29 5.1 MEDIUM 7.5 HIGH
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-50576 1 Jetbrains 1 Youtrack 2024-10-29 N/A 5.4 MEDIUM
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
CVE-2024-50577 1 Jetbrains 1 Youtrack 2024-10-29 N/A 5.4 MEDIUM
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
CVE-2024-50578 1 Jetbrains 1 Youtrack 2024-10-29 N/A 5.4 MEDIUM
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
CVE-2024-50579 1 Jetbrains 1 Youtrack 2024-10-29 N/A 6.1 MEDIUM
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
CVE-2024-50580 1 Jetbrains 1 Youtrack 2024-10-29 N/A 5.4 MEDIUM
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
CVE-2024-50581 1 Jetbrains 1 Youtrack 2024-10-29 N/A 5.4 MEDIUM
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
CVE-2024-50582 1 Jetbrains 1 Youtrack 2024-10-29 N/A 5.4 MEDIUM
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
CVE-2024-50574 1 Jetbrains 1 Youtrack 2024-10-29 N/A 7.5 HIGH
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
CVE-2024-50573 1 Jetbrains 1 Hub 2024-10-29 N/A 5.4 MEDIUM
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services