Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-20524 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. | 6.8 |
| 2024-10-02 | CVE-2024-33209 | Cross-site Scripting vulnerability in Flatpress 1.3 FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2024-10-02 | CVE-2024-47803 | Information Exposure Through an Error Message vulnerability in Jenkins Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. | 4.3 |
| 2024-10-02 | CVE-2024-47804 | Unspecified vulnerability in Jenkins If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | 4.3 |
| 2024-10-02 | CVE-2024-47805 | Insufficiently Protected Credentials vulnerability in Jenkins Credentials Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. | 7.5 |
| 2024-10-02 | CVE-2024-44193 | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved restrictions. | 7.8 |
| 2024-10-02 | CVE-2024-9429 | SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0 A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. | 9.8 |
| 2024-10-02 | CVE-2024-35294 | An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials. | 6.5 |
| 2024-10-02 | CVE-2024-35293 | An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. | 9.1 |
| 2024-10-02 | CVE-2024-8282 | Cross-site Scripting vulnerability in Vowelweb Ibtana The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. | 5.4 |