3bf5ba2626
All checks were successful
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 26s
296 lines
24 KiB
XML
296 lines
24 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Latest Vulnerabilities</title><link>https://cvefeed.io/vuln/latest/</link><description>Updates on the latest vulnerabilities detected.</description><atom:link href="https://cvefeed.io/rssfeed/latest.xml" rel="self"/><language>en-us</language><lastBuildDate>Thu, 12 Dec 2024 14:15:22 +0000</lastBuildDate><item><title>CVE-2024-50584 - Apache Solr Blind SQL Injection</title><link>https://cvefeed.io/vuln/detail/CVE-2024-50584</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-50584
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 2:15 p.m. | 1 hour, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 14:15:22 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-50584</guid></item><item><title>CVE-2024-28146 - Cisco Hard-Coded Credentials Exposure</title><link>https://cvefeed.io/vuln/detail/CVE-2024-28146</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-28146
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 2:15 p.m. | 1 hour, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 14:15:22 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-28146</guid></item><item><title>CVE-2024-28145 - Apache HTTP Server SQL Injection</title><link>https://cvefeed.io/vuln/detail/CVE-2024-28145</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-28145
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 2:15 p.m. | 1 hour, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 14:15:22 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-28145</guid></item><item><title>CVE-2024-28144 - Apache Session Hijacking</title><link>https://cvefeed.io/vuln/detail/CVE-2024-28144</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-28144
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 2:15 p.m. | 1 hour, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 14:15:22 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-28144</guid></item><item><title>CVE-2024-28143 - Apache HTTP Server Password Change Weakness</title><link>https://cvefeed.io/vuln/detail/CVE-2024-28143</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-28143
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 2:15 p.m. | 1 hour, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 14:15:22 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-28143</guid></item><item><title>CVE-2024-54122 - Apache Ability Concurrent Access Vuln</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54122</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54122
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Concurrent variable access vulnerability in the ability module
|
||
Impact: Successful exploitation of this vulnerability may affect availability.
|
||
<br>
|
||
<strong>Severity:</strong> 6.2 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:11 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54122</guid></item><item><title>CVE-2024-54119 - Adobe UIExtension Cross-Process Screen Stack Buffer Overflow Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54119</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54119
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Cross-process screen stack vulnerability in the UIExtension module
|
||
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
||
<br>
|
||
<strong>Severity:</strong> 6.2 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:11 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54119</guid></item><item><title>CVE-2024-54118 - Apache UIExtension Cross-Process Screen Stack Buffer Overflow</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54118</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54118
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Cross-process screen stack vulnerability in the UIExtension module
|
||
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
||
<br>
|
||
<strong>Severity:</strong> 6.2 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:11 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54118</guid></item><item><title>CVE-2024-47947 - Oracle Web Server Stored Cross-Site Scripting Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-47947</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-47947
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre
|
||
|
||
The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:10 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-47947</guid></item><item><title>CVE-2024-36498 - Apache IBM Security AppScan Cross-Site Scripting</title><link>https://cvefeed.io/vuln/detail/CVE-2024-36498</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-36498
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre
|
||
|
||
The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 implemented a fix, but it could be bypassed via URL-encoding the Javascript payload again.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:10 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-36498</guid></item><item><title>CVE-2024-36494 - Citrix CGI Slogin Cross-Site Scripting (XSS)</title><link>https://cvefeed.io/vuln/detail/CVE-2024-36494</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-36494
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:10 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-36494</guid></item><item><title>CVE-2024-28142 - Apache Struts Cross-Site Scripting (XSS) Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-28142</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-28142
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the "file name" and wildcard character input field. By exploiting the wildcard character feature, attackers are able to store arbitrary Javascript code which is being triggered if the page is viewed afterwards, e.g. by higher privileged users such as admins.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
This attack can even be performed without being logged in because the affected functions are not fully protected. Without logging in, only the file name parameter of the "Default" User can be changed.
|
||
<br>
|
||
<strong>Severity:</strong> 0.0 | NA
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:09 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-28142</guid></item><item><title>CVE-2024-12271 - "360 Javascript Viewer Stored Cross-Site Scripting"</title><link>https://cvefeed.io/vuln/detail/CVE-2024-12271</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-12271
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 1:15 p.m. | 2 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
|
||
<br>
|
||
<strong>Severity:</strong> 4.4 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 13:15:07 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-12271</guid></item><item><title>CVE-2024-9387 - GitLab Open Redirect Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-9387</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-9387
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.
|
||
<br>
|
||
<strong>Severity:</strong> 6.4 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:28 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-9387</guid></item><item><title>CVE-2024-9367 - GitLab Template Parsing DoS Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-9367</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-9367
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs.
|
||
<br>
|
||
<strong>Severity:</strong> 4.3 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:28 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-9367</guid></item><item><title>CVE-2024-8647 - GitLab CSRF Token Leakage Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-8647</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-8647
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.
|
||
<br>
|
||
<strong>Severity:</strong> 5.4 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:28 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-8647</guid></item><item><title>CVE-2024-8233 - GitLab Diff File DDoS Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-8233</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-8233
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.
|
||
<br>
|
||
<strong>Severity:</strong> 7.5 | HIGH
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:28 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-8233</guid></item><item><title>CVE-2024-8179 - GitLab Cross-Site Scripting (XSS)</title><link>https://cvefeed.io/vuln/detail/CVE-2024-8179</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-8179
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.
|
||
<br>
|
||
<strong>Severity:</strong> 5.4 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:27 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-8179</guid></item><item><title>CVE-2024-54117 - Webroot UIExtension Cross-Process Screen Stack Information Disclosure</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54117</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54117
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Cross-process screen stack vulnerability in the UIExtension module
|
||
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
||
<br>
|
||
<strong>Severity:</strong> 6.2 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:27 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54117</guid></item><item><title>CVE-2024-54116 - "Kaltura M3U8 OOB Read Vulnerability"</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54116</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54116
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Out-of-bounds read vulnerability in the M3U8 module
|
||
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
|
||
<br>
|
||
<strong>Severity:</strong> 4.3 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:27 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54116</guid></item><item><title>CVE-2024-54115 - Apache DASH Out-of-bounds Read Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54115</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54115
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Out-of-bounds read vulnerability in the DASH module
|
||
Impact: Successful exploitation of this vulnerability will affect availability.
|
||
<br>
|
||
<strong>Severity:</strong> 4.3 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:27 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54115</guid></item><item><title>CVE-2024-54114 - FFmpeg DASH Out-of-Bounds Access Denial of Service Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54114</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54114
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Out-of-bounds access vulnerability in playback in the DASH module
|
||
Impact: Successful exploitation of this vulnerability will affect availability.
|
||
<br>
|
||
<strong>Severity:</strong> 4.4 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:27 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54114</guid></item><item><title>CVE-2024-54113 - Microsoft Print Module Energy Consumption Buffer Overflow</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54113</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54113
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Process residence vulnerability in abnormal scenarios in the print module
|
||
Impact: Successful exploitation of this vulnerability may affect power consumption.
|
||
<br>
|
||
<strong>Severity:</strong> 6.5 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:27 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54113</guid></item><item><title>CVE-2024-54112 - Adobe Illustrator Cross-process Screen Stack Memory Corruption Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54112</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54112
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Cross-process screen stack vulnerability in the UIExtension module
|
||
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
||
<br>
|
||
<strong>Severity:</strong> 5.5 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:26 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54112</guid></item><item><title>CVE-2024-54111 - Apple Image Decoding Module Read/Write Vulnerability</title><link>https://cvefeed.io/vuln/detail/CVE-2024-54111</link><description>
|
||
<strong>CVE ID : </strong>CVE-2024-54111
|
||
<br>
|
||
<strong>Published : </strong> Dec. 12, 2024, 12:15 p.m. | 3 hours, 10 minutes ago
|
||
<br>
|
||
<strong>Description : </strong>Read/Write vulnerability in the image decoding module
|
||
Impact: Successful exploitation of this vulnerability will affect availability.
|
||
<br>
|
||
<strong>Severity:</strong> 5.7 | MEDIUM
|
||
<br>
|
||
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
|
||
</description><pubDate>Thu, 12 Dec 2024 12:15:26 +0000</pubDate><guid>https://cvefeed.io/vuln/detail/CVE-2024-54111</guid></item></channel></rss> |