|
2241
|
9.8 |
CRITICAL
Network
dlink
|
dns-320_firmware
dns-320lw_firmware
dns-325_firmware
dns-340l_firmware
|
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/ac…
|
CWE-78
OS Command
|
CVE-2024-10915
|
2024-11-9 05:11 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2242
|
5.4 |
MEDIUM
Network
|
envothemes
|
envo\'s_elementor_templates_\&_widgets_for_woocommerce
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This iss…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50447
|
2024-11-9 05:07 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2243
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: Fix UAF on sco_sock_timeout
conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock
so this check…
|
CWE-416
Use After Free
|
CVE-2024-50125
|
2024-11-9 05:04 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2244
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix UAF on iso_sock_timeout
conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock
so this check…
|
CWE-416
Use After Free
|
CVE-2024-50124
|
2024-11-9 05:04 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2245
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add the missing BPF_LINK_TYPE invocation for sockmap
There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockma…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50123
|
2024-11-9 05:03 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2246
|
9.8 |
CRITICAL
Network
dlink
|
dns-320_firmware
dns-320lw_firmware
dns-325_firmware
dns-340l_firmware
|
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file …
|
CWE-78
CWE-74
CWE-707
OS Command
Injection
Improper Enforcement of Message or Data Structure
|
CVE-2024-10914
|
2024-11-9 04:53 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2247
|
5.4 |
MEDIUM
Network
|
f5
|
nginx_ingress_controller
nginx_instance_manager
nginx_api_connectivity_manager
nginx_openid_connect
|
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an…
|
CWE-384
Session Fixation
|
CVE-2024-10318
|
2024-11-9 04:51 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2248
|
5.3 |
MEDIUM
Network
erudika
|
scoold
|
Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-50334
|
2024-11-9 04:51 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2249
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: fix global oob in wwan_rtnl_policy
The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to
a global o…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50128
|
2024-11-9 04:39 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2250
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential hang in nilfs_detach_log_writer()
Syzbot has reported a potential hang in nilfs_detach_log_writer() called
…
|
-
|
CVE-2024-38582
|
2024-11-9 04:35 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
