| 2631 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB. Linux does not write into cmd-db region. This region of memory is write protec… | CWE-787 Out-of-bounds Write | CVE-2024-46689 | 2024-09-21 00:52 | 2024-09-13 |
| 2632 | 9.8 | CRITICAL Network | h2o | h2o | A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Conn… | CWE-502 Deserialization of Untrusted Data | CVE-2024-8862 | 2024-09-21 00:47 | 2024-09-15 |
| 2633 | 5.4 | MEDIUM Network | aimstack | aim | A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. Th… | CWE-79 Cross-site Scripting | CVE-2024-8863 | 2024-09-21 00:43 | 2024-09-15 |
| 2634 | 6.1 | MEDIUM Network | autocms_project | autocms | A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross sit… | CWE-79 Cross-site Scripting | CVE-2024-8866 | 2024-09-21 00:36 | 2024-09-15 |
| 2635 | 7.8 | HIGH Local | watchguard | epp_firmware edr_firmware epdr_firmware panda_ad360_firmware | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on W… | NVD-CWE-noinfo | CVE-2023-26236 | 2024-09-21 00:35 | 2023-10-5 |
| 2636 | 2.7 | LOW Network | purestorage | purity | A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | NVD-CWE-noinfo | CVE-2023-28372 | 2024-09-21 00:35 | 2023-10-3 |
| 2637 | 6.1 | MEDIUM Network | onlyoffice | document_server | ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Fun… | CWE-79 Cross-site Scripting | CVE-2023-50883 | 2024-09-21 00:18 | 2024-09-10 |
| 2638 | - | | - | - | Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | - | CVE-2024-27244 | 2024-09-21 00:15 | 2024-05-16 |
| 2639 | - | | - | - | Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access. | - | CVE-2024-27243 | 2024-09-21 00:15 | 2024-05-16 |
| 2640 | - | | - | - | Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | - | CVE-2024-27247 | 2024-09-21 00:15 | 2024-04-10 |