Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-07 | CVE-2024-24188 | Out-of-bounds Write vulnerability in Jsish 3.5.0: Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | 9.8 |
2024-02-07 | CVE-2024-24189 | Use After Free vulnerability in Jsish 3.5.0: Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | 9.8 |
2024-02-07 | CVE-2024-25200 | Out-of-bounds Write vulnerability in Espruino 2.20: Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. | 7.5 |
2024-02-07 | CVE-2024-25201 | Out-of-bounds Read vulnerability in Espruino 2.20: Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. | 7.5 |
2024-02-07 | CVE-2023-39196 | Improper Authentication vulnerability in Apache Ozone 1.2.0/1.2.1/1.3.0: Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | 5.3 |
2024-02-07 | CVE-2024-1109 | Missing Authorization vulnerability in Podlove Podcast Publisher: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. | 5.3 |
2024-02-07 | CVE-2024-1110 | Missing Authorization vulnerability in Podlove Podcast Publisher: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. | 5.3 |
2024-02-07 | CVE-2024-1118 | SQL Injection vulnerability in Podlove Subscribe Button: The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-02-07 | CVE-2023-51437 | Information Exposure Through Discrepancy vulnerability in Apache Pulsar: Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. | 7.4 |
2024-02-07 | CVE-2023-46914 | SQL Injection vulnerability in Bookingcalendar Project Bookingcalendar 2.7.9: SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | 9.8 |