Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-02 | CVE-2023-7279 | Unspecified vulnerability in Sse-Secure-Systems Connaisseur. A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. | 5.9 |
2024-09-02 | CVE-2024-28100 | Cross-site Scripting vulnerability in Elabftw. eLabFTW is an open source electronic lab notebook for research labs. | 5.4 |
2024-09-02 | CVE-2024-43792 | Cross-site Scripting vulnerability in Halo. Halo is an open source website building tool. | 6.1 |
2024-09-02 | CVE-2024-43797 | Path Traversal vulnerability in Audiobookshelf. audiobookshelf is a self-hosted audiobook and podcast server. | 4.3 |
2024-09-02 | CVE-2024-44947 | Improper Initialization vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: "fuse: Initialize beyond-EOF page contents before setting uptodate". fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). | 5.5 |
2024-09-02 | CVE-2024-45312 | Injection vulnerability in Overleaf. Overleaf is a web-based collaborative LaTeX editor. | 5.3 |
2024-09-02 | CVE-2024-45313 | Insecure Default Initialization of Resource vulnerability in Overleaf. Overleaf is a web-based collaborative LaTeX editor. | 5.4 |
2024-09-02 | CVE-2024-6920 | Cross-site Scripting vulnerability in NAC Nacpremium. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. | 6.1 |
2024-09-02 | CVE-2024-33016 | Memory corruption when an invalid firehose patch command is invoked. Low complexity. | 6.8 |
2024-09-02 | CVE-2024-33043 | Transient DOS while handling PS event when Program Service name length offset value is set to 255. Local, low complexity. | 5.5 |