Security Vulnerabilities - CVEs Published In November 2024
A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS Score
4.8
EPSS Score
0.0
Published
2024-11-12
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-11-12
A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-12
SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-11-11
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVSS Score
9.8
EPSS Score
0.031
Published
2024-11-11
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-11-11
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-11-11
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).
CVSS Score
6.5
EPSS Score
0.002
Published
2024-11-11
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-11-11
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
9.1
EPSS Score
0.014
Published
2024-11-11