1047524396
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36626 | |
| [PRODUCT] | |
| prestashop | |
| [VERSION] | |
| 8.1.4 | |
| [PROBLEM TYPE] | |
| NULL Pointer Dereference | |
| [DESCRIPTION] | |
| In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36625 | |
| [PRODUCT] | |
| zulip | |
| [VERSION] | |
| 8.3 | |
| [PROBLEM TYPE] | |
| Cross Site Scripting (XSS) | |
| [DESCRIPTION] | |
| Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36624 | |
| [PRODUCT] | |
| zulip | |
| [VERSION] | |
| 8.3 | |
| [PROBLEM TYPE] | |
| Cross Site Scripting (XSS) | |
| [DESCRIPTION] | |
| Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36623 | |
| [PRODUCT] | |
| moby | |
| [VERSION] | |
| v25.0.3 | |
| [PROBLEM TYPE] | |
| Race Condition | |
| [DESCRIPTION] | |
| moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36622 | |
| [PRODUCT] | |
| raspap-webgui | |
| [VERSION] | |
| 3.0.9 and earlier | |
| [PROBLEM TYPE] | |
| OS Command Injection | |
| [DESCRIPTION] | |
| In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36621 | |
| [PRODUCT] | |
| moby | |
| [VERSION] | |
| v25.0.5 | |
| [PROBLEM TYPE] | |
| CWE-366: Race Condition within a Thread | |
| [DESCRIPTION] | |
| moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36620 | |
| [PRODUCT] | |
| moby | |
| [VERSION] | |
| v25.0.0-v26.0.2 | |
| [PROBLEM TYPE] | |
| NULL Pointer Dereference | |
| [DESCRIPTION] | |
| moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36619 | |
| [PRODUCT] | |
| FFmpeg | |
| [VERSION] | |
| n6.1.1 | |
| [PROBLEM TYPE] | |
| Integer Overflow | |
| [DESCRIPTION] | |
| FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36618 | |
| [PRODUCT] | |
| FFmpeg | |
| [VERSION] | |
| n6.1.1 | |
| [PROBLEM TYPE] | |
| Integer Overflow | |
| [DESCRIPTION] | |
| FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36617 | |
| [PRODUCT] | |
| FFmpeg | |
| [VERSION] | |
| n6.1.1 | |
| [PROBLEM TYPE] | |
| Integer Overflow | |
| [DESCRIPTION] | |
| FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. |
NewerOlder