2211
|
4.8 |
MEDIUM
Network
|
mailcow
|
mailcow\
|
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is ex…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41960
|
2024-09-20 05:01 |
2024-08-6 |
|
|
2212
|
7.8 |
HIGH
Local
|
sudo_project fedoraproject debian netapp mcafee synology beyondtrust oracle
|
sudo fedora debian_linux cloud_backup ontap_select_deploy_administration_utility solidfire hci_management_node active_iq_unified_manager oncommand_unified_manager_core_package…
|
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends wit…
|
CWE-193
Off-by-one Error
|
CVE-2021-3156
|
2024-09-20 04:58 |
2021-01-27 |
|
|
2213
|
6.1 |
MEDIUM
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to block the `javascript:` protocol, but does not correctly …
|
CWE-79
Cross-site Scripting
|
CVE-2024-34343
|
2024-09-20 04:57 |
2024-08-6 |
|
|
2214
|
9.8 |
CRITICAL
Network
adobe google redhat suse opensuse
|
flash_player chrome enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_eus linux_enterprise_desktop ope…
|
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute ar…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2014-0497
|
2024-09-20 04:56 |
2014-02-5 |
|
|
|
2215
|
8.1 |
HIGH
Network
|
yunknet
|
online_school_system
|
A vulnerability was found in Yunke Online School System up to 1.5.5. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/educloud/videobind.html…
|
NVD-CWE-Other
|
CVE-2024-8417
|
2024-09-20 04:53 |
2024-09-5 |
|
|
2216
|
8.8 |
HIGH
Network
|
adobe suse opensuse redhat
|
flash_player adobe_air_sdk adobe_air linux_enterprise_desktop opensuse enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_deskto…
|
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on…
|
CWE-415
Double Free
|
CVE-2014-0502
|
2024-09-20 04:53 |
2014-02-21 |
|
|
2217
|
8.8 |
HIGH
Network
|
adobe suse opensuse redhat
|
flash_player linux_enterprise_desktop opensuse enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus
|
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and…
|
NVD-CWE-noinfo
|
CVE-2013-0648
|
2024-09-20 04:51 |
2013-02-27 |
|
|
2218
|
8.8 |
HIGH
Network
|
adobe redhat suse opensuse
|
flash_player enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus linux_enterprise_desktop opensuse
|
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly rest…
|
NVD-CWE-noinfo
|
CVE-2013-0643
|
2024-09-20 04:48 |
2013-02-27 |
|
|
2219
|
4.3 |
MEDIUM
Network
|
lunary
|
lunary
|
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-6582
|
2024-09-20 04:45 |
2024-09-14 |
|
|
2220
|
8.8 |
HIGH
Network
|
thingsboard
|
thingsboard
|
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent…
|
CWE-74
Injection
|
CVE-2023-45303
|
2024-09-20 04:35 |
2023-10-7 |
|
|