CVE-2024-24578

Relative Path Traversal (CWE-23)

Published: Mar 18, 2024 / Updated: 8mo ago

Update Fri Aug 2 14:35:21 UTC 2024

Update Thu Apr 11 10:04:41 UTC 2024

Update Wed Apr 10 10:08:04 UTC 2024

Update Wed Apr 3 18:03:53 UTC 2024

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info N/A — N/A Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. 2024-03-19 8.8 CVE-2024-24042 cve@mitre.org cve@mitre.org N/A — N/A danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. 2024-03-18 7.4 CVE-2024-29154 cve@mitre.org aam — advanced_access_manager Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager allows Reflected XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20. 2024-03-19 7.1 CVE-2024-29127 audit@patchstack.com abast — scan_visio_edocument_suite_web_viewer A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via “user” parameter. 2024-03-21 9.8 CVE-2024-29732 cve-coordination@incibe.es acryldata — datahub-helm datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of time, personal access tokens were possibly created with a default secret key. Since the secret key is a static, publicly available value, someone could inspect the algorithm used to generate personal access tokens and generate their own for an instance.