High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info allegro_ai — clearml Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access,…
Category: Bulletins
Vulnerability Summary for the Week of January 29, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage_project — 60indexpage A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…
Vulnerability Summary for the Week of January 22, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage — 60indexpage A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…
Vulnerability Summary for the Week of January 15, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info argoproj — argo-cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15…
Vulnerability Summary for the Week of January 8, 2024
  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abocms — abo.cms SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. 2024-01-06…
Vulnerability Summary for the Week of January 1, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 7-card — fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality…
Vulnerability Summary for the Week of December 25, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info awslabs — sandbox-accounts-for-events “Sandbox Accounts for Events” provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could…
Vulnerability Summary for the Week of December 18, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 52north — 52north_wps An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of…
Vulnerability Summary for the Week of December 11, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — cyber_protect_home_office Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. 2023-12-12…
Vulnerability Summary for the Week of December 4, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info arm — bifrost_gpu_kernel_driver Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU…
Vulnerability Summary for the Week of November 27, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such…
Vulnerability Summary for the Week of November 20, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — after_effects Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted…
Vulnerability Summary for the Week of November 13, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info checkpoint — endpoint_security Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to…
Vulnerability Summary for the Week of November 6, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1e — platform The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL…
Vulnerability Summary for the Week of October 30, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info contec — solarview_compact_firmware An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. 2023-10-27 9.8…
Vulnerability Summary for the Week of October 23, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info projectworlds_pvt._limited — online_art_gallery Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not…
Vulnerability Summary for the Week of September 11, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info wibu — codemeter_runtime A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to…
Vulnerability Summary for the Week of September 4, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info canonical_ltd. — snapd_for_linux Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it…
Vulnerability Summary for the Week of August 28, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info earcms — ear_app An issue found in Earcms Ear App v.20181124 allows a remote cyber threat actor to execute arbitrary code via the uload/index-uplog.php. 2023-08-29 9.8…