CVE-2024-8088 : PYTHON CPYTHON UP TO 3.13.0 ZIPFILE MODULE NAMELIST/ITERDIR/EXTRACTALL INFINITE LOOP

Description There is a HIGH severity vulnerability affecting the CPython “zipfile” module. When iterating over names of entries in a

Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main

Description A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2

Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored

Description Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. References https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt

Description Mattermost versions 9.9.x

Description A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown

Description The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to

Description Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with

Description A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications

Description The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to

Description This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0,

Description DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to

Description Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user

Description Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a

Description CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues

Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may

Description Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary

Description Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local

Description Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in

Description Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with

Description Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the

Description An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and

Description An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate