CVE-2024-53829 |
Description: CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang Tidy.
Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged-in user and call the web API with that user's permissions, including but not limited to adding, removing or editing products. The attacker needs to know the IDs of the existing products to modify or delete them. Because the attack is limited to form-based CSRF, the attacker cannot directly read (exfiltrate) data from CodeChecker: the forged request is sent with the victim's cookies, but its response is not readable cross-origin.
This issue affects CodeChecker: through 6.24.4.
CVSS: HIGH (8.2) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
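The entry above describes a cookie-authenticated API that accepts cross-site form posts. As an added illustration (not CodeChecker's code, and not its fix), here is the server-side check such an API needs: a browser will send a third-party page's form POST with the victim's cookies attached, but it will not let that page set the Origin header or read the session cookie needed to compute a synchronizer token. The deployment origin, the request dict shape and the cookie/field names are assumptions for this example.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed deployment origin of the protected site (an assumption for this example).
ALLOWED_ORIGINS = {"https://codechecker.example.org"}
# Methods treated as non-state-changing. This only holds if the API really never
# mutates on GET; a GET that deletes a product would be CSRF-able regardless.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str, secret: bytes) -> str:
    """Per-session synchronizer token derived with an HMAC, so the server keeps no extra state."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(headers: dict):
    """Origin header if present, else scheme://host of the Referer, else None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if "origin" in lowered:
        return lowered["origin"]
    if "referer" in lowered:
        parts = urlsplit(lowered["referer"])
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(request: dict, secret: bytes):
    """
    request is a plain dict: {"method", "headers", "cookies", "form"} (assumed shape).
    Returns (allowed, reason). Two independent layers must both pass for a
    state-changing request:
      1. the browser-set Origin (or Referer) must name this site, and
      2. the form must carry the token tied to the session cookie.
    A forged cross-site form satisfies neither, even though the cookie rides along.
    """
    if request["method"].upper() in SAFE_METHODS:
        return True, "safe method"
    origin = request_origin(request.get("headers", {}))
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} not allowed"
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return False, "no session cookie"
    expected = issue_csrf_token(session_id, secret)
    supplied = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or wrong csrf token"
    return True, "ok"


def demo():
    """Constructed requests: one legitimate same-site POST and one forged cross-site POST."""
    secret = b"server-side-secret"  # constructed for the example
    legit = {
        "method": "POST",
        "headers": {"Origin": "https://codechecker.example.org"},
        "cookies": {"session": "victim-session"},
        "form": {"csrf_token": issue_csrf_token("victim-session", secret), "product_id": "7"},
    }
    # The attacker's page auto-submits a form; the browser attaches the victim's
    # cookie but sets Origin to the attacker's site and cannot supply the token.
    forged = {
        "method": "POST",
        "headers": {"Origin": "https://attacker.example"},
        "cookies": {"session": "victim-session"},
        "form": {"product_id": "7"},
    }
    return csrf_check(legit, secret), csrf_check(forged, secret)
```

A third, cheaper layer is marking the session cookie SameSite=Lax or Strict so the browser does not attach it to cross-site POSTs at all; the Origin and token checks above still matter for older clients and for deployments that cannot change cookie attributes.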
|
CVE-2024-52973 |
Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-51941 |
Description: A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-51919 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-51888 |
Description: Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-51818 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-51417 |
Description: An issue in System.Linq.Dynamic.Core, latest version v1.4.6 at the time of reporting, allows remote access to properties on reflection types and to static properties/fields.
EPSS Score: 0.05%
January 22nd, 2025 (6 months ago)
|
CVE-2024-50633 |
Description: A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).
CVSS: NONE (0.0) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49748 |
Description: In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49747 |
Description: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
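Both gatt_sr.cc entries above (CVE-2024-49748 and CVE-2024-49747) are out-of-bounds writes in the handlers for the ATT Read By Group Type request (used for primary service discovery) and the ATT Read By Type request. As an added illustration, not the AOSP code and not a reconstruction of either bug, the parser below applies the input validation such a handler must do before touching any field: both PDUs carry a 1-byte opcode, a 2-byte start handle, a 2-byte end handle and a UUID that is exactly 2 or 16 bytes, so the only valid total lengths are 7 and 21 (Bluetooth Core Specification Vol 3, Part F, sections 3.4.4.1 and 3.4.4.9), and a start handle of 0 or a start above the end is an Invalid Handle error. The sample PDUs are constructed, not captured traffic.

```python
import struct
from dataclasses import dataclass

ATT_READ_BY_TYPE_REQ = 0x08        # Read By Type Request opcode
ATT_READ_BY_GROUP_TYPE_REQ = 0x10  # Read By Group Type Request opcode
PRIMARY_SERVICE_UUID16 = 0x2800    # GATT Primary Service declaration UUID
HEADER_LEN = 1 + 2 + 2             # opcode + start handle + end handle
VALID_UUID_LENS = (2, 16)          # 16-bit or 128-bit UUID, nothing else


class MalformedPdu(ValueError):
    """Raised for any PDU the handler must reject instead of processing."""


@dataclass(frozen=True)
class RangeRequest:
    opcode: int
    start_handle: int
    end_handle: int
    uuid: bytes  # 2 or 16 bytes, little-endian as on the wire

    def uuid16(self):
        """The 16-bit UUID as an int, or None for a 128-bit UUID."""
        if len(self.uuid) != 2:
            return None
        return struct.unpack("<H", self.uuid)[0]


def parse_range_request(pdu: bytes) -> RangeRequest:
    """Strictly parse a Read By Type / Read By Group Type request.

    The length check comes first and is exact: deriving the UUID length from
    len(pdu) - 5 and accepting any value is what lets a peer steer a copy
    past the buffer the handler expects to fill.
    """
    if len(pdu) < 1:
        raise MalformedPdu("empty PDU")
    opcode = pdu[0]
    if opcode not in (ATT_READ_BY_TYPE_REQ, ATT_READ_BY_GROUP_TYPE_REQ):
        raise MalformedPdu(f"unexpected opcode 0x{opcode:02x}")
    uuid_len = len(pdu) - HEADER_LEN
    if uuid_len not in VALID_UUID_LENS:
        raise MalformedPdu(f"bad PDU length {len(pdu)}: UUID must be 2 or 16 bytes")
    start, end = struct.unpack_from("<HH", pdu, 1)
    if start == 0 or start > end:
        # Spec response would be ATT_ERROR_RSP with Invalid Handle (0x01).
        raise MalformedPdu(f"invalid handle range 0x{start:04x}-0x{end:04x}")
    return RangeRequest(opcode, start, end, pdu[HEADER_LEN:HEADER_LEN + uuid_len])


def is_well_formed(pdu: bytes) -> bool:
    """Convenience predicate: True only if parse_range_request accepts the PDU."""
    try:
        parse_range_request(pdu)
        return True
    except MalformedPdu:
        return False


def build_range_request(opcode: int, start: int, end: int, uuid: bytes) -> bytes:
    """Encode a request; deliberately unvalidated so tests can build bad PDUs."""
    return bytes([opcode]) + struct.pack("<HH", start, end) + uuid


def demo():
    """Constructed inputs: a normal primary-service discovery PDU and two malformed ones."""
    good = build_range_request(ATT_READ_BY_GROUP_TYPE_REQ, 0x0001, 0xFFFF,
                               struct.pack("<H", PRIMARY_SERVICE_UUID16))
    oversized = build_range_request(ATT_READ_BY_GROUP_TYPE_REQ, 0x0001, 0xFFFF, bytes(17))
    inverted = build_range_request(ATT_READ_BY_TYPE_REQ, 0x0010, 0x0001, b"\x00\x28")
    return is_well_formed(good), is_well_formed(oversized), is_well_formed(inverted)
```

The same shape of check applies to every variable-length ATT request: compute the expected length from the opcode, compare it exactly against what arrived, and only then read handles or copy UUID bytes into fixed-size structures.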
January 22nd, 2025 (6 months ago)
|