1701 | 9.8 | CRITICAL Network | solarwinds | access_rights_manager | SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management… | CWE-798 Use of Hard-coded Credentials | CVE-2024-28990 | 2024-09-17 03:05 | 2024-09-12
1702 | 5.4 | MEDIUM Network | mindsdb | mindsdb | A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, o… | CWE-79 Cross-site Scripting | CVE-2024-45856 | 2024-09-17 03:04 | 2024-09-12
1703 | 7.5 | HIGH Network | mindsdb | mindsdb | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘fi… | CWE-502 Deserialization of Untrusted Data | CVE-2024-45855 | 2024-09-17 03:03 | 2024-09-12
1704 | 7.5 | HIGH Network | mindsdb | mindsdb | Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘descri… | CWE-502 Deserialization of Untrusted Data | CVE-2024-45854 | 2024-09-17 03:02 | 2024-09-12
1705 | 7.5 | HIGH Network | mindsdb | mindsdb | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for … | CWE-502 Deserialization of Untrusted Data | CVE-2024-45853 | 2024-09-17 02:59 | 2024-09-12
1706 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable… | CWE-665 Improper Initialization | CVE-2024-44947 | 2024-09-17 02:52 | 2024-09-3
1707 | 8.8 | HIGH Network | mindsdb | mindsdb | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. | CWE-502 Deserialization of Untrusted Data | CVE-2024-45852 | 2024-09-17 02:51 | 2024-09-12
1708 | 5.5 | MEDIUM Local | adobe | indesign | InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabi… | CWE-125 Out-of-bounds Read | CVE-2024-34127 | 2024-09-17 02:48 | 2024-08-15
1709 | 4.6 | MEDIUM Physical | talyabilisim | travel_apps | Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68. | NVD-CWE-noinfo | CVE-2024-1153 | 2024-09-17 02:39 | 2024-06-27
1710 | 8.8 | HIGH Network | mindsdb | mindsdb | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea… | CWE-94 Code Injection | CVE-2024-45851 | 2024-09-17 02:36 | 2024-09-12