|
308561
|
7.5 |
HIGH
Network
|
zitadel
|
zitadel
|
Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t…
|
NVD-CWE-noinfo
|
CVE-2024-47000
|
2024-09-25 05:25 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308562
|
6.5 |
MEDIUM
Network
|
zitadel
|
zitadel
|
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to …
|
NVD-CWE-noinfo
|
CVE-2024-46999
|
2024-09-25 05:20 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308563
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-45809
|
2024-09-25 05:12 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308564
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ…
|
NVD-CWE-noinfo
|
CVE-2024-45810
|
2024-09-25 04:48 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308565
|
4.8 |
MEDIUM
Network
|
mage-people
|
bus_ticket_booking_with_seat_reservation
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affe…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43985
|
2024-09-25 04:33 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308566
|
6.1 |
MEDIUM
Network
|
couchbase
|
couchbase_server
|
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
|
CWE-74
Injection
|
CVE-2024-25673
|
2024-09-25 04:08 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308567
|
5.5 |
MEDIUM
Local
|
apple
|
macos
ipados
iphone_os
visionos
tvos
watchos
|
A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS So…
|
NVD-CWE-noinfo
|
CVE-2024-44183
|
2024-09-25 04:04 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308568
|
2.4 |
LOW
Physics
|
apple
|
iphone_os
ipados
|
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
|
NVD-CWE-noinfo
|
CVE-2024-44180
|
2024-09-25 04:04 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308569
|
5.5 |
MEDIUM
Local
|
apple
|
macos
ipados
iphone_os
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app …
|
NVD-CWE-noinfo
|
CVE-2024-44184
|
2024-09-25 04:03 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308570
|
6.5 |
MEDIUM
Network
|
apple
|
macos
safari
|
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
|
NVD-CWE-noinfo
|
CVE-2024-40866
|
2024-09-25 04:02 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
