|
511
|
6.5 |
MEDIUM
Local
|
linuxfoundation
mediatek
google
linux
|
yocto
iot_yocto
android
linux_kernel
|
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is…
Update
|
CWE-416
Use After Free
|
CVE-2023-20849
|
2024-10-2 04:35 |
2023-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
512
|
8.8 |
HIGH
Network
|
google
debian
fedoraproject
|
chrome
debian_linux
fedora
|
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2023-4353
|
2024-10-2 04:35 |
2023-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
513
|
7.5 |
HIGH
Network
apache
|
apache-airflow-providers-apache-drill
|
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in m…
Update
|
CWE-20
Improper Input Validation
|
CVE-2023-39553
|
2024-10-2 04:35 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
514
|
9.1 |
CRITICAL
Network
apache
|
traffic_server
|
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2023-33934
|
2024-10-2 04:35 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
515
|
7.5 |
HIGH
Network
apache
|
traffic_server
|
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
Update
|
CWE-20
Improper Input Validation
|
CVE-2022-47185
|
2024-10-2 04:35 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
516
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tcp_metrics: validate source addr length
I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long,…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-42154
|
2024-10-2 04:32 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
517
|
7.5 |
HIGH
Network
circutor
|
q-smt_firmware
|
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web app…
Update
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-8888
|
2024-10-2 04:30 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
518
|
7.8 |
HIGH
Local
|
grafana
|
alloy
|
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-r…
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8975
|
2024-10-2 04:20 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
519
|
7.8 |
HIGH
Local
|
grafana
|
agent
|
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Agent Flow: before 0.43.2
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8996
|
2024-10-2 04:16 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
520
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw a…
New
|
CWE-59
Link Following
|
CVE-2024-9341
|
2024-10-2 04:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
