Advisory Week


Week 51, 2024
National Cyber Awareness System

CISA Adds One Known Exploited Vulnerability to Catalog
Adobe Security Bulletins and Advisories

Security updates available for Adobe ColdFusion | APSB24-107
Amazon AWS Security Advisories

Issue with RedShift JDBC Driver, Python Connector and ODBC Driver - (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746)
Github Security Advisories

[GHSA-hqmp-g7ph-x543] TunnelVision - decloaking VPNs using DHCP
[GHSA-j5vv-6wjg-cfr8] changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
[GHSA-8gc2-vq6m-rwjw] Amazon Redshift Python Connector vulnerable to SQL Injection
[GHSA-8596-2jgr-ppj7] Amazon Redshift JDBC Driver vulnerable to SQL Injection
[GHSA-xx95-62h6-h7v3] lgsl Stored Cross-Site Scripting vulnerability
[GHSA-x52f-h5g4-8qv5] Marp Core allows XSS by improper neutralization of HTML sanitization
[GHSA-vm62-9jw3-c8w3] Gogs has an argument Injection in the built-in SSH server
[GHSA-9pp6-wq8c-3w2c] Gogs allows argument injection during the previewing of changes
[GHSA-ccqv-43vm-4f3w] Gogs allows deletion of internal files
[GHSA-m27m-h5gj-wwmg] Gogs allows argument Injection when tagging new releases
[GHSA-xwx7-p63r-2rj8] Navidrome Stores JWT Secret in Plaintext in navidrome.db
[GHSA-64gp-r758-8pfm] Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
[GHSA-r87q-fj25-f8jf] Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
[GHSA-q2x7-8rv6-6q7h] Jinja has a sandbox breakout through indirect reference to format method
[GHSA-gmj6-6f8f-6699] Jinja has a sandbox breakout through malicious filenames
[GHSA-qf5v-rp47-55gg] Path Traversal in file update API in gogs
[GHSA-r7j8-5h9c-f6fx] Remote Command Execution in file editing in gogs
CISA Known Exploited Vulnerabilities

Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability CVE-2021-44207

The Known Exploited Vulnerabilities catalog contains vulnerabilities that are known to be actively exploited in the wild. They are not necessarily new or recently discovered; the entries listed here were added to the catalog in the past week.
