Aggregator

A vulnerability has been found in Discourse up to 3.3.1/3.4.0.beta1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Topic Handler. The manipulation of the argument label/name leads to improper privilege management. This vulnerability is known as CVE-2024-45297. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Discourse up to 3.3.1/3.4.0.beta1. Affected is an unknown function of the component Email Handler. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-45051. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Discourse up to 3.3.0/3.4.0.beta0. This issue affects some unknown processing of the component Reply Handler. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2024-43789. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A CVSS score 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 55 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 55 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 55 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.3 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'phudq from Viettel cyber security' was reported to the affected vendor on: 2024-10-08, 58 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Piotr Bazydlo (@chudypb) and Simon Zuckerbraun of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-10-08, 58 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 58 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-10-08, 58 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 59 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 59 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 59 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'leg00m' was reported to the affected vendor on: 2024-10-08, 59 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Junsung Lee' was reported to the affected vendor on: 2024-10-08, 59 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici and Amol Dosanjh of Trend Micro' was reported to the affected vendor on: 2024-10-08, 63 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Alex Williams of Trend Micro Security Research' was reported to the affected vendor on: 2024-10-08, 36 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-10-08, 63 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Alex Williams of Trend Micro Security Research' was reported to the affected vendor on: 2024-10-08, 36 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-10-08, 63 days ago. The vendor is given until 2025-02-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.