|
305711
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9,…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34445
|
2024-11-6 23:29 |
2024-11-5 |
|
305712
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34444
|
2024-11-6 23:28 |
2024-11-5 |
|
305713
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in ver…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34443
|
2024-11-6 23:25 |
2024-11-5 |
|
305714
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field fro…
|
CWE-200
Information Exposure
|
CVE-2024-8553
|
2024-11-6 18:15 |
2024-11-1 |
|
305715
|
9.8 |
CRITICAL
Network
|
redhat
|
satellite
|
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy no…
|
CWE-287
Improper Authentication
|
CVE-2024-7012
|
2024-11-6 18:15 |
2024-09-4 |
|
305716
|
- |
|
-
|
-
|
Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.
|
-
|
CVE-2024-34681
|
2024-11-6 12:15 |
2024-11-6 |
|
305717
|
5.5 |
MEDIUM
Local
|
apple
|
macos ipados iphone_os
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPad…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-44205
|
2024-11-6 07:35 |
2024-10-25 |
|
305718
|
- |
|
-
|
-
|
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
|
-
|
CVE-2024-45366
|
2024-11-6 07:35 |
2024-09-18 |
|
305719
|
- |
|
-
|
-
|
The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (O…
|
-
|
CVE-2024-45240
|
2024-11-6 07:35 |
2024-08-25 |
|
305720
|
- |
|
-
|
-
|
In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional executi…
|
-
|
CVE-2024-34736
|
2024-11-6 07:35 |
2024-08-16 |