2651 | 9.1 | CRITICAL Network | nextcloud | desktop | In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. | NVD-CWE-noinfo | CVE-2024-46958 | 2024-09-21 07:41 | 2024-09-16
2652 | 6.5 | MEDIUM Network | gitpython_project | gitpython | GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file bei… | CWE-22 Path Traversal | CVE-2023-41040 | 2024-09-21 06:15 | 2023-08-31
2653 | - | | - | - | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation… | CWE-295 Improper Certificate Validation | CVE-2024-31872 | 2024-09-21 05:15 | 2024-04-11
2654 | 7.8 | HIGH Local | ibm | i | Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run … | CWE-427 Uncontrolled Search Path Element | CVE-2024-22346 | 2024-09-21 05:15 | 2024-03-15
2655 | 5.5 | MEDIUM Local | ibm | i_access_client_solutions | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS config… | CWE-384 Session Fixation | CVE-2024-22318 | 2024-09-21 05:15 | 2024-02-9
2656 | 9.8 | CRITICAL Network | man | d-tale | D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrad… | NVD-CWE-noinfo | CVE-2024-45595 | 2024-09-21 04:59 | 2024-09-11
2657 | 8.8 | HIGH Network | nixos | nix | Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to a… | CWE-22 Path Traversal | CVE-2024-45593 | 2024-09-21 04:57 | 2024-09-11
2658 | 6.1 | MEDIUM Network | damienharper | auditor-bundle | auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript … | CWE-79 Cross-site Scripting | CVE-2024-45592 | 2024-09-21 04:57 | 2024-09-11
2659 | 5.3 | MEDIUM Network | xwiki | xwiki | XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the pa… | CWE-862 Missing Authorization | CVE-2024-45591 | 2024-09-21 04:55 | 2024-09-11
2660 | 7.3 | HIGH Network | fortinet | forticlient_enterprise_management_server | An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthe… | CWE-77 Command Injection | CVE-2024-33508 | 2024-09-21 04:48 | 2024-09-11