Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2022-28656 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to consume RAM in the Apport process
local
low complexity
apport-project canonical CWE-770
5.5
5.5
2024-06-04 CVE-2022-28658 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
local
low complexity
apport-project canonical
5.5
5.5
2024-06-04 CVE-2024-30889 Cross-site Scripting vulnerability in Web-Audimex Audimexee 15.1.2
Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.
network
low complexity
web-audimex CWE-79
5.4
5.4
2024-06-04 CVE-2024-34362 Use After Free vulnerability in Envoyproxy Envoy
Envoy is a cloud-native, open source edge and service proxy.
network
high complexity
envoyproxy CWE-416
5.9
5.9
2024-06-04 CVE-2024-34364 Out-of-bounds Write vulnerability in Envoyproxy Envoy
Envoy is a cloud-native, open source edge and service proxy.
network
low complexity
envoyproxy CWE-787
6.5
6.5
2024-06-04 CVE-2024-4220 Unspecified vulnerability in Beyondtrust Beyondinsight
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.
network
low complexity
beyondtrust
5.3
5.3
2024-06-04 CVE-2024-30528 Missing Authorization vulnerability in Spiffyplugins Spiffy Calendar
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.
network
low complexity
spiffyplugins CWE-862
6.3
6.3
2024-06-04 CVE-2024-32464 Cross-site Scripting vulnerability in Rubyonrails Rails
Action Text brings rich text content and editing to Rails.
network
low complexity
rubyonrails CWE-79
6.1
6.1
2024-06-04 CVE-2024-34759 Cross-site Scripting vulnerability in Videowhisper Picture Gallery
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS.This issue affects Picture Gallery: from n/a through 1.5.11.
network
low complexity
videowhisper CWE-79
5.4
5.4
2024-06-04 CVE-2024-0756 Cross-site Scripting vulnerability in Elearningfreak Insert or Embed Articulate Content
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.
network
low complexity
elearningfreak CWE-79
5.4
5.4