611 | 4.4 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long,… | Update | CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2024-42154 | 2024-10-2 04:32 | 2024-07-30
612 | 7.5 | HIGH Network | circutor | q-smt_firmware | An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web app… | Update | CWE-613 Insufficient Session Expiration | CVE-2024-8888 | 2024-10-2 04:30 | 2024-09-18
613 | 7.8 | HIGH Local | grafana | alloy | Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-r… | Update | CWE-428 Unquoted Search Path or Element | CVE-2024-8975 | 2024-10-2 04:20 | 2024-09-26
614 | 7.8 | HIGH Local | grafana | agent | Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow: before 0.43.2 | Update | CWE-428 Unquoted Search Path or Element | CVE-2024-8996 | 2024-10-2 04:16 | 2024-09-26
615 | 5.4 | MEDIUM Network | - | - | A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw a… | New | CWE-59 Link Following | CVE-2024-9341 | 2024-10-2 04:15 | 2024-10-2
616 | - | | - | - | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | New | - | CVE-2024-31835 | 2024-10-2 04:15 | 2024-10-2
617 | - | | - | - | A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with … | Update | CWE-1288 Improper Validation of Consistency within Input | CVE-2024-5953 | 2024-10-2 04:15 | 2024-06-18
618 | - | | - | - | A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service | Update | - | CVE-2024-3657 | 2024-10-2 04:15 | 2024-05-28
619 | - | | - | - | A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | Update | CWE-122 Heap-based Buffer Overflow | CVE-2024-1062 | 2024-10-2 04:15 | 2024-02-12
620 | 7.5 | HIGH Network | openslides | openslides | OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | Update | CWE-326 Inadequate Encryption Strength | CVE-2024-22892 | 2024-10-2 04:10 | 2024-09-26