Total
28533 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24789 | 2 Golang, Redhat | 9 Go, Enterprise Linux, Network Observ Optr and 6 more | 2024-08-01 | 5.5 Medium |
| The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | ||||
| CVE-2024-24736 | 1 Ypopsemail | 1 Ypops\! | 2024-08-01 | 7.5 High |
| The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558. | ||||
| CVE-2024-24757 | 1 Degamisu | 1 Open-irs | 2024-08-01 | 7.6 High |
| open-irs is an issue response robot that reponds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets. | ||||
| CVE-2024-24755 | 1 Discourse | 1 Group Membership Ip Blocks | 2024-08-01 | 4.3 Medium |
| discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret. | ||||
| CVE-2024-24680 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Openstack and 3 more | 2024-08-01 | 7.5 High |
| An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. | ||||
| CVE-2024-24548 | 1 Estore-wss | 1 Payment Ex | 2024-08-01 | 6.5 Medium |
| Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX. | ||||
| CVE-2024-24304 | 1 Sinch | 1 Mailjet | 2024-08-01 | 7.5 High |
| In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. | ||||
| CVE-2024-24215 | 1 Cellinx | 1 Nvt Web Server | 2024-08-01 | 5.3 Medium |
| An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | ||||
| CVE-2024-23743 | 2 Apple, Notion | 2 Macos, Notion | 2024-08-01 | 3.3 Low |
| Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment." | ||||
| CVE-2024-23742 | 1 Loom | 1 Loom | 2024-08-01 | 9.8 Critical |
| An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine. | ||||
| CVE-2024-23738 | 2 Apple, Postman | 2 Macos, Postman | 2024-08-01 | 9.8 Critical |
| An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.." | ||||
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2024-08-01 | 6.5 Medium |
| Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | ||||
| CVE-2024-23985 | 1 Ezhometech | 1 Ezserver | 2024-08-01 | 7.5 High |
| EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. | ||||
| CVE-2024-23904 | 1 Jenkins | 1 Log Command | 2024-08-01 | 7.5 High |
| Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | ||||
| CVE-2024-23824 | 1 Mailcow | 1 Mailcow\ | 2024-08-01 | 4.7 Medium |
| mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. | ||||
| CVE-2024-23899 | 2 Jenkins, Redhat | 2 Git Server, Ocp Tools | 2024-08-01 | 6.5 Medium |
| Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | ||||
| CVE-2024-23900 | 2 Jenkins, Redhat | 2 Matrix Project, Ocp Tools | 2024-08-01 | 4.3 Medium |
| Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. | ||||
| CVE-2024-23769 | 2 Microsoft, Samsung | 2 Windows, Magician | 2024-08-01 | 7.3 High |
| Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. | ||||
| CVE-2024-23850 | 1 Linux | 1 Linux Kernel | 2024-08-01 | 5.5 Medium |
| In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. | ||||
| CVE-2024-23770 | 1 Unix4lyfe | 1 Darkhttpd | 2024-08-01 | 5.5 Medium |
| darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. | ||||