1081
|
6.5 |
MEDIUM
Local
|
linuxfoundation mediatek google linux
|
yocto iot_yocto android linux_kernel
|
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is…
|
CWE-416
Use After Free
|
CVE-2023-20849
|
2024-10-2 04:35 |
2023-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1082
|
8.8 |
HIGH
Network
|
google debian fedoraproject
|
chrome debian_linux fedora
|
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-787
Out-of-bounds Write
|
CVE-2023-4353
|
2024-10-2 04:35 |
2023-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1083
|
7.5 |
HIGH
Network
apache
|
apache-airflow-providers-apache-drill
|
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in m…
|
CWE-20
Improper Input Validation
|
CVE-2023-39553
|
2024-10-2 04:35 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1084
|
9.1 |
CRITICAL
Network
apache
|
traffic_server
|
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
|
CWE-444
HTTP Request Smuggling
|
CVE-2023-33934
|
2024-10-2 04:35 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1085
|
7.5 |
HIGH
Network
apache
|
traffic_server
|
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
|
CWE-20
Improper Input Validation
|
CVE-2022-47185
|
2024-10-2 04:35 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1086
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tcp_metrics: validate source addr length
I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long,…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-42154
|
2024-10-2 04:32 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1087
|
7.5 |
HIGH
Network
circutor
|
q-smt_firmware
|
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web app…
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-8888
|
2024-10-2 04:30 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1088
|
7.8 |
HIGH
Local
|
grafana
|
alloy
|
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-r…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8975
|
2024-10-2 04:20 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1089
|
7.8 |
HIGH
Local
|
grafana
|
agent
|
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Agent Flow: before 0.43.2
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8996
|
2024-10-2 04:16 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1090
|
- |
|
-
|
-
|
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with …
|
CWE-1288
Improper Validation of Consistency within Input
|
CVE-2024-5953
|
2024-10-2 04:15 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|