841 | 6.5 | MEDIUM | Network | apache | druid | Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid a… | Update | NVD-CWE-noinfo | CVE-2024-45537 | 2024-10-2 05:41 | 2024-09-18
842 | 4.9 | MEDIUM | Network | formtools | form_tools | A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts … | Update | CWE-94 Code Injection | CVE-2024-6936 | 2024-10-2 05:37 | 2024-07-21
843 | 4.6 | MEDIUM | Physical | ibm | infosphere_information_server | IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | Update | CWE-359 Exposure of Private Personal Information to an Unauthorized Actor | CVE-2024-37533 | 2024-10-2 05:35 | 2024-07-25
844 | 7.8 | HIGH | Local | google | android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges | Update | CWE-862 Missing Authorization | CVE-2023-38460 | 2024-10-2 05:35 | 2023-09-4
845 | 7.5 | HIGH | Network | apache | apache-airflow-providers-apache-spark | Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to re… | Update | NVD-CWE-noinfo | CVE-2023-40272 | 2024-10-2 05:35 | 2023-08-17
846 | 8.8 | HIGH | Network | google debian fedoraproject | chrome debian_linux fedora | Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security seve… | Update | NVD-CWE-noinfo | CVE-2023-4357 | 2024-10-2 05:35 | 2023-08-16
847 | 7.5 | HIGH | Network | duckdb | duckdb | DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerabilit… | Update | NVD-CWE-noinfo | CVE-2024-41672 | 2024-10-2 05:33 | 2024-07-25
848 | 9.8 | CRITICAL | Network | tenda | o3_firmware | A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of … | Update | CWE-787 Out-of-bounds Write | CVE-2024-7151 | 2024-10-2 05:28 | 2024-07-28
849 | 6.5 | MEDIUM | Adjacent | - | - | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbo… | Update | - | CVE-2024-39560 | 2024-10-2 05:15 | 2024-07-11
850 | 7.8 | HIGH | Local | restsharp | restsharp | RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdat… | Update | CWE-74 Injection | CVE-2024-45302 | 2024-10-2 05:05 | 2024-08-30