CVE-2024-25584 : OPEN-XCHANGE OX DOVECOT PRO UP TO 2.3.21 DATA COMMAND DATA AUTHENTICITY
Description Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be
GDPR 2.0, the forthcoming update to the General Data Protection Regulation, is set to redefine data privacy and security standards
Description A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index
Description Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.
Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic
Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). References
Description The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS
Description FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside
Description Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due
GraphQL API security is critical to protecting your application from threats and vulnerabilities. GraphQL, with its simple and efficient data
Description The improper neutralization of special elements in the parameter “host” in the CGI program of Zyxel NWA1123ACv3 firmware version
Description The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when
Description D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in
Description ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
Description A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical.
Description In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(),
Description Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible
Description Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NAC Telecommunication Systems Inc. NACPremium
Description Memory corruption while releasing shared resources in MinkSocket listener thread. References https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html
Description The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for
Description A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this
Description In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported