CVE-2024-38276
Description: Incorrect CSRF token checks resulted in multiple CSRF risks.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)

CVE-2024-38274
Description: Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)

CVE-2024-38273
Description: Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)

CVE-2024-37603
Description: An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-37601
Description: An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-37385
Description: Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)

CVE-2024-37273
Description: An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
EPSS Score: 0.17%
February 14th, 2025 (5 months ago)

CVE-2024-37031
Description: The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)

CVE-2024-37019
Description: Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-37017
Description: asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)