1101
|
8.8 |
HIGH
Network
|
atlassian
|
bamboo_data_center bamboo_server
|
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center.
This Injection and RCE (Remote Code Execut…
|
CWE-94
Code Injection
|
CVE-2023-22506
|
2024-10-2 02:35 |
2023-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1102
|
8.6 |
HIGH
Network
circutor
|
q-smt_firmware
|
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login p…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-8887
|
2024-10-2 02:30 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1103
|
9.8 |
CRITICAL
Network
scriptcase
|
scriptcase
|
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST requ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8940
|
2024-10-2 02:21 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1104
|
9.8 |
CRITICAL
Network
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware
|
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE
UTILITY sub-menu can allow a remote attacker to inject arbitrary
commands.
|
CWE-77
Command Injection
|
CVE-2024-43693
|
2024-10-2 02:17 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1105
|
7.8 |
HIGH
Local
|
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
|
CWE-77
Command Injection
|
CVE-2024-7679
|
2024-10-2 02:16 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1106
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: Fix uaf in __timer_delete_sync
There are two paths to access mptcp_pm_del_add_timer, result in a race
condition:
…
|
CWE-416
Use After Free
|
CVE-2024-46858
|
2024-10-2 02:10 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1107
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix bridge mode operations when there are no VFs
Currently, trying to set the bridge mode attribute when numvfs=0 leads…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46857
|
2024-10-2 02:10 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1108
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
If the __qcuefi pointer is not set, then in the original code, we wo…
|
CWE-667
Improper Locking
|
CVE-2024-46868
|
2024-10-2 02:09 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1109
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: add missing bo locking in show_meminfo()
bo_meminfo() wants to inspect bo state like tt and the ttm resource,
howe…
|
CWE-667
Improper Locking
|
CVE-2024-46866
|
2024-10-2 02:09 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1110
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: fix deadlock in show_meminfo()
There is a real deadlock as well as sleeping in atomic() bug in here, if
the bo put…
|
CWE-667
Improper Locking
|
CVE-2024-46867
|
2024-10-2 02:09 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|