351
|
5.5 |
MEDIUM
Local
|
redhat qemu
|
enterprise_linux qemu
|
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivi…
Update
|
CWE-617
Reachable Assertion
|
CVE-2024-8354
|
2024-10-1 22:15 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
352
|
2.9 |
LOW
Physics
|
opensc_project redhat
|
opensc enterprise_linux
|
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8443
|
2024-10-1 22:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
353
|
5.9 |
MEDIUM
Network
|
redhat
|
kroxylicious
|
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resultin…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2024-8285
|
2024-10-1 22:15 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
354
|
5.4 |
MEDIUM
Network
|
mayurik
|
free_and_open_source_inventory_management_system
|
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/ad…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9323
|
2024-10-1 21:55 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
355
|
9.8 |
CRITICAL
Network
endress
|
echo_curve_viewer fieldcare_sfe500_package field_xpert_smt79_firmware field_xpert_smt77_firmware field_xpert_smt70_firmware field_xpert_smt50_firmware
|
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
Update
|
CWE-94
Code Injection
|
CVE-2024-6596
|
2024-10-1 21:26 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
356
|
9.8 |
CRITICAL
Network
openfga
|
openfga
|
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a us…
New
|
CWE-863
Incorrect Authorization
|
CVE-2024-42473
|
2024-10-1 21:21 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
357
|
- |
|
-
|
-
|
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information …
New
|
CWE-23
Relative Path Traversal
|
CVE-2024-9405
|
2024-10-1 21:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
358
|
- |
|
-
|
-
|
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
New
|
-
|
CVE-2024-30132
|
2024-10-1 21:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
359
|
9.8 |
CRITICAL
Network
mayurik
|
advocate_office_management_system
|
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipu…
Update
|
CWE-89
SQL Injection
|
CVE-2024-9296
|
2024-10-1 20:36 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
360
|
9.8 |
CRITICAL
Network
mayurik
|
advocate_office_management_system
|
A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /control/login.php. The manipulati…
Update
|
CWE-89
SQL Injection
|
CVE-2024-9295
|
2024-10-1 20:36 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|