CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-30925 – DerbyNet 9.0 photo-thumbs.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30925
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 0EPSS: 0%CPEs: -EXPL: 0CVE-2024-30924 – DerbyNet 9.0 checkin.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30924
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-692: Incomplete Denylist to Cross-Site Scripting •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-30921 – DerbyNet 9.0 photo.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-30920 – DerbyNet 9.0 render-document.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30920
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31083 – Xorg-x11-server: use-after-free in procrenderaddglyphs
https://notcve.org/view.php?id=CVE-2024-31083
This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ProcRenderAddGlyphs function. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • http://www.openwall.com/lists/oss-security/2024/04/03/13 http://www.openwall.com/lists/oss-security/2024/04/12/10 https://access.redhat.com/errata/RHSA-2024:1785 https://access.redhat.com/errata/RHSA-2024:2036 https://access.redhat.com/errata/RHSA-2024:2037 https://access.redhat.com/errata/RHSA-2024:2038 https://access.redhat.com/errata/RHSA-2024:2039 https://access.redhat.com/errata/RHSA-2024:2040 https://access.redhat.com/errata/RHSA-2024:2041 https:// • CWE-416: Use After Free •