🚨 CVE-2024-28167
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization, causing high impact on Integrity of the application.
@cveNotify
🚨 CVE-2024-30676
A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. A malicious user could potentially exploit this vulnerability remotely to crash the ROS2 nodes, thereby causing a denial of service. The flaw allows an attacker to cause unexpected behavior in the operation of ROS2 nodes, which leads to their failure and interrupts the regular operation of the system, thus making it unavailable for its intended users.
GitHub
GitHub - yashpatelphd/CVE-2024-30676: Denial-of-Service (DoS) Vulnerability in ROS2 Iron Irwini
Denial-of-Service (DoS) Vulnerability in ROS2 Iron Irwini - yashpatelphd/CVE-2024-30676
🚨 CVE-2024-30678
An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to intercept and access this data.
GitHub
GitHub - yashpatelphd/CVE-2024-30678: Information Leakage in ROS2 Iron Irwini via Plaintext Message Transmission
Information Leakage in ROS2 Iron Irwini via Plaintext Message Transmission - yashpatelphd/CVE-2024-30678
🚨 CVE-2024-30679
An issue was discovered in the default configurations of ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows unauthenticated attackers to authenticate using default credentials.
GitHub
GitHub - yashpatelphd/CVE-2024-30679: Security Misconfiguration in ROS2 Iron Irwini
Security Misconfiguration in ROS2 Iron Irwini. Contribute to yashpatelphd/CVE-2024-30679 development by creating an account on GitHub.
🚨 CVE-2024-30680
A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Iron Irwini in versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs.
GitHub
GitHub - yashpatelphd/CVE-2024-30680: Shell Injection Vulnerability in ROS2 Iron Irwini
Shell Injection Vulnerability in ROS2 Iron Irwini. Contribute to yashpatelphd/CVE-2024-30680 development by creating an account on GitHub.
🚨 CVE-2024-30681
An OS command injection vulnerability has been discovered in ROS2 Iron Irwini version ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2.
GitHub
GitHub - yashpatelphd/CVE-2024-30681: OS Command Injection Vulnerability in ROS2 Iron Irwini
OS Command Injection Vulnerability in ROS2 Iron Irwini - yashpatelphd/CVE-2024-30681
🚨 CVE-2024-30683
A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings.
GitHub
GitHub - yashpatelphd/CVE-2024-30683: Buffer Overflow Vulnerability in ROS2 Iron Irwini
Buffer Overflow Vulnerability in ROS2 Iron Irwini. Contribute to yashpatelphd/CVE-2024-30683 development by creating an account on GitHub.
🚨 CVE-2024-1664
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
WPScan
Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS
See details on Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS CVE 2024-1664. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-30684
An insecure logging vulnerability has been identified within ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows attackers to access sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2.
GitHub
GitHub - yashpatelphd/CVE-2024-30684: Insecure Logging Vulnerability in ROS2 Iron Irwini
Insecure Logging Vulnerability in ROS2 Iron Irwini - yashpatelphd/CVE-2024-30684
🚨 CVE-2024-30686
An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system.
GitHub
GitHub - yashpatelphd/CVE-2024-30686: Remote Command Execution Vulnerability in ROS2 Iron Irwini
Remote Command Execution Vulnerability in ROS2 Iron Irwini - yashpatelphd/CVE-2024-30686
🚨 CVE-2024-30687
An insecure deserialization vulnerability has been identified in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces.
GitHub
GitHub - yashpatelphd/CVE-2024-30687: Insecure Deserialization Vulnerability in ROS2 Iron Irwini
Insecure Deserialization Vulnerability in ROS2 Iron Irwini - yashpatelphd/CVE-2024-30687
🚨 CVE-2024-30688
An arbitrary file upload vulnerability has been discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows attackers to execute arbitrary code via a crafted payload to the file upload mechanism of the ROS2 system, including the server's functionality for handling file uploads and the associated validation processes.
GitHub
GitHub - yashpatelphd/CVE-2024-30688
Contribute to yashpatelphd/CVE-2024-30688 development by creating an account on GitHub.
🚨 CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
GitHub
[CVE-2023-52425] Speed up parsing of big tokens by Snild-Sony · Pull Request #789 · libexpat/libexpat
When parsing a really big token that requires multiple buffer fills to complete, expat has to re-parse the token from start multiple times, which takes time. These patches introduce a heuristic tha...
🚨 CVE-2024-30690
An unauthorized node injection vulnerability has been identified in ROS2 Galactic Geochelone versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. It allows remote attackers to escalate privileges.
GitHub
GitHub - yashpatelphd/CVE-2024-30690: Unauthorized Node Injection Vulnerability in ROS2 Galactic Geochelone
Unauthorized Node Injection Vulnerability in ROS2 Galactic Geochelone - yashpatelphd/CVE-2024-30690
🚨 CVE-2024-1233
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
🚨 CVE-2024-30691
An issue was discovered in ROS2 Galactic Geochelone in version ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes.
GitHub
GitHub - yashpatelphd/CVE-2024-30691: Unauthorized Access Vulnerability in ROS2 Galactic Geochelone
Unauthorized Access Vulnerability in ROS2 Galactic Geochelone - yashpatelphd/CVE-2024-30691
🚨 CVE-2024-30692
An issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes.
GitHub
GitHub - yashpatelphd/CVE-2024-30692: Denial-of-Service (DoS) Vulnerability in ROS2 Galactic Geochelone
Denial-of-Service (DoS) Vulnerability in ROS2 Galactic Geochelone - yashpatelphd/CVE-2024-30692
🚨 CVE-2024-30694
A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs.
GitHub
GitHub - yashpatelphd/CVE-2024-30691: Unauthorized Access Vulnerability in ROS2 Galactic Geochelone
Unauthorized Access Vulnerability in ROS2 Galactic Geochelone - yashpatelphd/CVE-2024-30691
🚨 CVE-2024-30695
An issue was discovered in the default configurations of ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. It allows unauthenticated attackers to gain access using default credentials.
GitHub
GitHub - yashpatelphd/CVE-2024-30695: Security Misconfiguration in ROS2 Galactic Geochelone
Security Misconfiguration in ROS2 Galactic Geochelone - yashpatelphd/CVE-2024-30695
🚨 CVE-2024-30696
An OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2, including External Command Execution Modules, System Call Handlers, and Interface Scripts.
GitHub
GitHub - yashpatelphd/CVE-2024-30696: OS Command Injection Vulnerability in ROS2 Galactic Geochelone
OS Command Injection Vulnerability in ROS2 Galactic Geochelone - yashpatelphd/CVE-2024-30696
🚨 CVE-2024-30697
An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack.
GitHub
GitHub - yashpatelphd/CVE-2024-30697: Information Leakage in ROS2 Galactic Geochelone via Plaintext Message Transmission
Information Leakage in ROS2 Galactic Geochelone via Plaintext Message Transmission - yashpatelphd/CVE-2024-30697