2551
|
7.5 |
HIGH
Network
openjsf
|
body-parser
|
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood th…
|
NVD-CWE-noinfo
|
CVE-2024-45590
|
2024-09-21 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2552
|
2.7 |
LOW
Network
|
fortinet
|
fortiedrmanager
|
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permiss…
|
NVD-CWE-Other
|
CVE-2024-45323
|
2024-09-21 01:23 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2553
|
9.8 |
CRITICAL
Network
omniauth
|
omniauth_saml
|
OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data wit…
|
CWE-287
Improper Authentication
|
CVE-2017-11430
|
2024-09-21 01:21 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2554
|
5.3 |
MEDIUM
Network
|
lizardbyte
|
sunshine
|
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing a…
|
NVD-CWE-noinfo
|
CVE-2024-45407
|
2024-09-21 01:18 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2555
|
4.7 |
MEDIUM
Network
|
openjsf
|
express
|
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43796
|
2024-09-21 01:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2556
|
8.1 |
HIGH
Network
|
redhat
|
build_of_keycloak
|
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 3…
|
CWE-324
Use of a Key Past its Expiration Date
|
CVE-2024-7318
|
2024-09-21 01:02 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2557
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
It is not safe to dereference fl->c.flc_owner without fir…
|
NVD-CWE-noinfo
|
CVE-2024-46690
|
2024-09-21 00:55 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2558
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: cmd-db: Map shared memory as WC, not WB
Linux does not write into cmd-db region. This region of memory is write
protec…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46689
|
2024-09-21 00:52 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2559
|
9.8 |
CRITICAL
Network
h2o
|
h2o
|
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Conn…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8862
|
2024-09-21 00:47 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2560
|
5.4 |
MEDIUM
Network
|
aimstack
|
aim
|
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8863
|
2024-09-21 00:43 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|