| 2461 | 4.7 | MEDIUM Network | openjsf | serve-static | serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect(), which may execute untrusted code. This issue is patched in serve-static 1.16.0. | CWE-79 Cross-site Scripting | CVE-2024-43800 | 2024-09-21 02:36 | 2024-09-11 |
| 2462 | 4.3 | MEDIUM Network | ibm | concert | IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this li… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2024-43180 | 2024-09-21 02:28 | 2024-09-13 |
| 2463 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: libfs: fix get_stashed_dentry() get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location. … | NVD-CWE-noinfo | CVE-2024-46801 | 2024-09-21 02:18 | 2024-09-18 |
| 2464 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMI… | CWE-416 Use After Free | CVE-2024-46800 | 2024-09-21 02:18 | 2024-09-18 |
| 2465 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could acc… | NVD-CWE-noinfo | CVE-2024-46675 | 2024-09-21 02:18 | 2024-09-13 |
| 2466 | 7.5 | HIGH Network | loytec | linx-212_firmware linx-151_firmware | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive… | NVD-CWE-Other | CVE-2023-46389 | 2024-09-21 02:15 | 2023-12-1 |
| 2467 | 7.5 | HIGH Network | loytec | linx-212_firmware linx-151_firmware | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp clien… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2023-46388 | 2024-09-21 02:15 | 2023-12-1 |
| 2468 | 7.5 | HIGH Network | loytec | linx-212_firmware linx-151_firmware | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensit… | NVD-CWE-Other | CVE-2023-46387 | 2024-09-21 02:15 | 2023-12-1 |
| 2469 | 7.5 | HIGH Network | loytec | linx-212_firmware linx-151_firmware | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client a… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2023-46386 | 2024-09-21 02:15 | 2023-12-1 |
| 2470 | 7.5 | HIGH Network | loytec | l-inx_configurator | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote atta… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2023-46385 | 2024-09-21 02:15 | 2023-12-1 |