801
|
7.5 |
HIGH
Network
microsoft
|
power_platform_terraform_provider
|
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitiv…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-47083
|
2024-10-4 00:11 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
802
|
9.3 |
CRITICAL
Adjacent
|
cisco
|
ios_xe
|
A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication ac…
|
CWE-863
Incorrect Authorization
|
CVE-2024-20510
|
2024-10-3 23:52 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
803
|
6.5 |
MEDIUM
Network
cisco
|
unified_threat_defense_snort_intrusion_prevention_system_engine
|
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured sec…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-20508
|
2024-10-3 23:43 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
804
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the po…
|
NVD-CWE-noinfo
|
CVE-2023-32559
|
2024-10-3 23:35 |
2023-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
805
|
5.5 |
MEDIUM
Local
|
axiosys
|
bento4
|
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.
|
NVD-CWE-noinfo
|
CVE-2023-38666
|
2024-10-3 23:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
806
|
8.8 |
HIGH
Network
|
apache
|
nifi
|
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a l…
|
CWE-94
Code Injection
|
CVE-2023-36542
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
807
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted H…
|
CWE-416
Use After Free
|
CVE-2022-4921
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
808
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…
|
CWE-787
Out-of-bounds Write
|
CVE-2022-4920
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
809
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2022-4919
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
810
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (…
|
CWE-416
Use After Free
|
CVE-2021-4322
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|