Latest high severity Vulnerabilities

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidenta...
rust/starship>=1.0.0<=1.19.0
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
rust/starship>=1.0.0<=1.19.0
streamlit-geospatial blind SSRF in pages/9_🔲_Vector_Data_Visualization.py
streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py
streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py
Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py
Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params
Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette
Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option
Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params
Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via sp...
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via spec...
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform co...
ChurchCRM SQL Injection Vulnerability
txtdot SSRF vulnerability in /proxy
txtdot SSRF vulnerability in /get
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios. This issue affects OpenText Directory Services: 24.2.
PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard
Incorrect Access Control Vulnerability
Insecure Storage of Sensitive Information Vulnerability
Default Credential Storage in Plaintext Vulnerability
Cleartext Storage of Sensitive Information Vulnerability
Cleartext Transmission of Sensitive Information Vulnerability
Password Policy Bypass Vulnerability
Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
Important: Errata Advisory for Red Hat OpenShift GitOps v1.13.1 security update
Red Hat Red Hat OpenShift GitOps for IBM Power, little endian
Red Hat Red Hat OpenShift GitOps for ARM 64
Red Hat Red Hat OpenShift GitOps
Red Hat Red Hat OpenShift GitOps for IBM Z and LinuxONE
Softaculous Webuzo Password Reset Command Injection
Softaculous Webuzo FTP Management Command Injection
Softaculous Webuzo Authentication Bypass
OpenObserve Cross-site Scripting (XSS) vulnerability in `openobserve/web/src/views/MemberSubscription.vue`
OpenObserve stored XSS vulnerability may lead to complete account takeover
Elevation of privilege in Absolute Secure Access clients and servers
Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005
ForIP Tecnologia Administração PABX Authentication Form login sql injection
OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its us...
maven/org.openidentityplatform.openam:openam-oauth2<=15.0.3
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file s...
maven/org.springframework.cloud:spring-cloud-skipper<2.11.4
Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability.
Huawei Emui=14.0.0
Huawei Harmonyos=4.0.0
Huawei Harmonyos=4.2.0
Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Huawei Emui=14.0.0
Huawei Harmonyos=4.0.0
Huawei Harmonyos=4.2.0
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Huawei Emui=12.0.0
Huawei Emui=13.0.0
Huawei Emui=14.0.0
Huawei Harmonyos=2.0.0
Huawei Harmonyos=2.1.0
Huawei Harmonyos=3.0.0
and 3 more
LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion
Remote code execution in Spring Cloud Data Flow
maven/org.springframework.cloud:spring-cloud-skipper<2.11.4
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge<127.0.2651.74
Microsoft Edge (Chromium-based)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Important: httpd security update
Red Hat Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates
Red Hat Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Red Hat Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates
redhat/httpd<2.4.51-7.el9_0.7
and 24 more
A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in...

© 2024 SecAlerts Pty Ltd.