2551
|
7.8 |
HIGH
Local
|
ibm
|
i
|
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-22346
|
2024-09-21 05:15 |
2024-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2552
|
5.5 |
MEDIUM
Local
|
ibm
|
i_access_client_solutions
|
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS config…
|
CWE-384
Session Fixation
|
CVE-2024-22318
|
2024-09-21 05:15 |
2024-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2553
|
9.8 |
CRITICAL
Network
man
|
d-tale
|
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrad…
|
NVD-CWE-noinfo
|
CVE-2024-45595
|
2024-09-21 04:59 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2554
|
8.8 |
HIGH
Network
|
nixos
|
nix
|
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to a…
|
CWE-22
Path Traversal
|
CVE-2024-45593
|
2024-09-21 04:57 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2555
|
6.1 |
MEDIUM
Network
|
damienharper
|
auditor-bundle
|
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45592
|
2024-09-21 04:57 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2556
|
5.3 |
MEDIUM
Network
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the pa…
|
CWE-862
Missing Authorization
|
CVE-2024-45591
|
2024-09-21 04:55 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2557
|
7.3 |
HIGH
Network
fortinet
|
forticlient_enterprise_management_server
|
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthe…
|
CWE-77
Command Injection
|
CVE-2024-33508
|
2024-09-21 04:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2558
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 al…
|
NVD-CWE-noinfo
|
CVE-2024-31490
|
2024-09-21 04:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2559
|
4.6 |
MEDIUM
Physics
|
fortinet
|
forticlient
|
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions m…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-35282
|
2024-09-21 04:44 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2560
|
3.7 |
LOW
Network
|
fortinet
|
fortiadc
|
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2…
|
NVD-CWE-noinfo
|
CVE-2024-36511
|
2024-09-21 04:43 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|