CVE-2024-39579 : DELL POWERSCALE ONEFS UP TO 9.7.1.0/9.8.0.0 PRIVILEGES ASSIGNMENT

Description Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could

Description IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. References https://www.ibm.com/support/pages/node/7166947

Description Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. References https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-6204.html

Description A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs

Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID

Description One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This

Description The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site

Description Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3. References

Description Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a

Description In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.

Description The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it

Description D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in

Description Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice

Description Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1. References https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve For

Description Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before

Description There is a HIGH severity vulnerability affecting the CPython “zipfile” module. When iterating over names of entries in a

Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main

Description A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2

Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored

Description Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. References https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt

Description Mattermost versions 9.9.x

Description A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown

Description The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to

Description Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with