#ios

Bhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,

In K7 Ultimate Security versions prior to 17.0.2019, the driver file (K7RKScan.sys - this version 15.1.0.7) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of a null pointer dereference from IOCtl 0x222010 and 0x222014. At the same time, the drive is accessible to all users in the "Everyone" group.

Kortex version 1.0 suffers from an insecure direct object reference vulnerability.

Red Hat Security Advisory 2024-5314-03 - Red Hat OpenShift Virtualization release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) and integrity (I:L) but does not impact availability (A:N)? What does that mean for this vulnerability?** The attacker is only able to modify the sender's name of Teams message (I:L) and through social engineering, attempt to trick the recipient into disclosing information (C:L). The availability of the product cannot be affected (A:N).

### 1. Impacted Products Streamilt Open Source versions before 1.37.0. ### 2. Introduction Snowflake Streamlit open source addressed a security vulnerability via the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files). The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows. ### 3. Path Traversal Vulnerability #### 3.1 Description On May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of [5.9](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N) #### 3.2 Scenarios and attack vector(s) Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerabi...

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Gaati Track version 1.0-2023 suffers from an ignored default credential vulnerability.

Farmacia Gama version 1.0 suffers from an insecure direct object reference vulnerability.