1051
|
9.8 |
CRITICAL
Network
myoffice
|
my_office_sdk
|
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47222
|
2024-09-30 23:02 |
2024-09-24 |
|
|
1052
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
The following warning is seen during bwmon_remove due to re…
|
NVD-CWE-Other
|
CVE-2024-43850
|
2024-09-30 22:57 |
2024-08-17 |
|
1053
|
5.9 |
MEDIUM
Network
|
planetfitness
|
planet_fitness_workouts
|
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network acce…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-43201
|
2024-09-30 22:55 |
2024-09-24 |
|
1054
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
In rtw89_sta_info_get_iter() 'status->he_gi' is compared to arr…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-43842
|
2024-09-30 22:55 |
2024-08-17 |
|
1055
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iio: Fix the sorting functionality in iio_gts_build_avail_time_table
The sorting in iio_gts_build_avail_time_table is not working…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43825
|
2024-09-30 22:53 |
2024-08-17 |
|
1056
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to don't dirty inode for readonly filesystem
syzbot reports f2fs bug as below:
kernel BUG at fs/f2fs/inode.c:933!
RIP:…
|
NVD-CWE-noinfo
|
CVE-2024-42297
|
2024-09-30 22:41 |
2024-08-17 |
|
1057
|
6.1 |
MEDIUM
Network
|
oveleon
|
cookiebar
|
Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47069
|
2024-09-30 22:40 |
2024-09-24 |
|
1058
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
sched: act_ct: take care of padding in struct zones_ht_key
Blamed commit increased lookup key size from 2 bytes to 16 bytes,
beca…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-42272
|
2024-09-30 22:40 |
2024-08-17 |
|
1059
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: sanity check symbolic link size
Syzkiller reports a "KMSAN: uninit-value in pick_link" bug.
This is caused by an unini…
|
CWE-59
Link Following
|
CVE-2024-46744
|
2024-09-30 22:36 |
2024-09-18 |
|
1060
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock()
One of the true positives that the cfg_access_lock lockdep effort
identified is th…
|
CWE-667
Improper Locking
|
CVE-2024-46750
|
2024-09-30 22:27 |
2024-09-18 |
|