|
91
|
4.6 |
MEDIUM
Network
|
liferay
|
digital_experience_platform
liferay_portal
|
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions…
Update
|
CWE-384
Session Fixation
|
CVE-2023-47798
|
2024-10-4 03:13 |
2024-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
7.5 |
HIGH
Adjacent
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Al…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-23935
|
2024-10-4 03:07 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
8.8 |
HIGH
Adjacent
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine…
Update
|
CWE-416
Use After Free
|
CVE-2024-23923
|
2024-10-4 03:07 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
6.8 |
MEDIUM
Physics
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations…
Update
|
CWE-78
OS Command
|
CVE-2024-23961
|
2024-10-4 03:06 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
4.6 |
MEDIUM
Physics
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations …
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-23960
|
2024-10-4 03:06 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
6.8 |
MEDIUM
Physics
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installatio…
Update
|
CWE-78
OS Command
|
CVE-2024-23924
|
2024-10-4 03:06 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tick/broadcast: Move per CPU pointer access into the atomic section
The recent fix for making the take over of the broadcast time…
Update
|
NVD-CWE-noinfo
|
CVE-2024-44968
|
2024-10-4 03:04 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
7.4 |
HIGH
Adjacent
|
cisco
|
ios_xr
|
A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to …
Update
|
NVD-CWE-noinfo
|
CVE-2024-20317
|
2024-10-4 02:58 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
4.3 |
MEDIUM
Network
|
codesupply
|
absolute_reviews
|
The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metabox_revi…
Update
|
-
|
CVE-2021-4426
|
2024-10-4 02:51 |
2023-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
5.4 |
MEDIUM
Network
|
cisco
|
catalyst_sd-wan_manager
|
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-20475
|
2024-10-4 02:49 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
