In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-03-25 | Updated: 2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-25 | Updated: 2024-03-25
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-25 | Updated: 2024-03-25
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-03-25 | Updated: 2024-03-25
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS. This issue affects GS Pins for Pinterest: from n/a through 1.8.2.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-27 | Updated: 2024-03-27
Anope before 2.0.15 does not prevent resetting the password of a suspended account.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-25 | Updated: 2024-03-25
In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-24 | Updated: 2024-03-25
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-24 | Updated: 2024-03-25
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-03-22 | Updated: 2024-03-25
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-03-21 | Updated: 2024-03-21
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-03-21 | Updated: 2024-03-21
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-22 | Updated: 2024-03-22
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler incorrectly set permissions for all parent folders of the log folder, in the default configuration adding write access for the Unix group of the folders. If Airflow is run as the root user (not recommended), it added group write permission to all folders up to the root of the filesystem. If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable. This issue does not affect users who use or extend Airflow using the Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ); those images require group write permission to be set anyway. You are affected only if you install Airflow using a local installation / virtualenv or other Docker images, but the issue has no impact if Docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users. You should also not be affected if your umask is 002 (group write enabled); this is the default on many Linux systems.
Recommendation for users using Airflow outside of the containers:
* If you are using root to run Airflow, change your Airflow user to a non-root user.
* Upgrade Apache Airflow to 2.8.4 or above.
* If you prefer not to upgrade, you can change the file_task_handler_new_folder_permissions setting ( https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions ) to 0o755 (original value 0o775).
* If you already ran Airflow tasks before and your default umask is 022 (group write disabled), you should stop Airflow components, check the permissions of AIRFLOW_HOME/logs in all your components and of all parent directories of this directory, and remove group write access for all the parent directories.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-26 | Updated: 2024-03-27
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-26 | Updated: 2024-03-26
Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-25 | Updated: 2024-03-26
An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-25 | Updated: 2024-03-25
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-03-26 | Updated: 2024-03-26
File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php components.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-25 | Updated: 2024-03-26
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-22 | Updated: 2024-03-22
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.
Max CVSS: N/A | EPSS Score: 0.04% | Published: 2024-03-20 | Updated: 2024-03-21
2022 vulnerabilities found