1491
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: test for not too small csum_start in virtio_net_hdr_to_skb()
syzbot was able to trigger this warning [1], after injecting a
…
|
NVD-CWE-noinfo
|
CVE-2024-49947
|
2024-11-13 06:25 |
2024-10-22 |
|
|
1492
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: add more sanity checks to qdisc_pkt_len_init()
One path takes care of SKB_GSO_DODGY, assuming
skb->len is bigger than hdr_le…
|
NVD-CWE-noinfo
|
CVE-2024-49948
|
2024-11-13 06:19 |
2024-10-22 |
|
|
1493
|
7.5 |
HIGH
Network
-
|
-
|
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing spec…
|
CWE-863
Incorrect Authorization
|
CVE-2024-10295
|
2024-11-13 06:15 |
2024-10-25 |
|
|
|
1494
|
4.7 |
MEDIUM
Local
|
linux-pam
|
linux-pam
|
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-10041
|
2024-11-13 06:15 |
2024-10-23 |
|
|
1495
|
- |
|
-
|
-
|
A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this con…
|
CWE-94
Code Injection
|
CVE-2024-9050
|
2024-11-13 06:15 |
2024-10-22 |
|
|
1496
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
If mgmt_index_removed is called while there are commands queued on
cmd_…
|
NVD-CWE-noinfo
|
CVE-2024-49951
|
2024-11-13 06:06 |
2024-10-22 |
|
|
1497
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
After commit 7c6d2ecbda83 ("net: be more gentle about silly gso
r…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49949
|
2024-11-13 06:03 |
2024-10-22 |
|
|
1498
|
9.8 |
CRITICAL
Network
eyecix
|
jobsearch_wp_job_board
|
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-47636
|
2024-11-13 05:52 |
2024-10-11 |
|
|
|
1499
|
9.8 |
CRITICAL
Network
eyecix
|
jobsearch_wp_job_board
|
Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JobSearch: from n/a through 2.5.4.
|
CWE-862
Missing Authorization
|
CVE-2024-43929
|
2024-11-13 05:49 |
2024-11-2 |
|
|
|
1500
|
8.8 |
HIGH
Network
|
eyecix
|
jobsearch_wp_job_board
|
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through 2.5.4.
|
CWE-862
Missing Authorization
|
CVE-2024-43928
|
2024-11-13 05:49 |
2024-11-2 |
|
|