|
111
|
7.5 |
HIGH
Network
ibm
|
aspera_faspex
|
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
Update
|
CWE-291
|
CVE-2023-35906
|
2024-09-21 03:15 |
2023-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
112
|
4.9 |
MEDIUM
Network
|
misp
|
misp
|
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-46918
|
2024-09-21 03:14 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
6.5 |
MEDIUM
Network
|
litellm
|
litellm
|
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, up…
Update
|
NVD-CWE-noinfo
|
CVE-2024-5710
|
2024-09-21 03:04 |
2024-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
9.8 |
CRITICAL
Network
litellm
|
litellm
|
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts env…
Update
|
CWE-94
Code Injection
|
CVE-2024-5751
|
2024-09-21 03:01 |
2024-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
115
|
7.2 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted …
Update
|
NVD-CWE-Other
|
CVE-2024-35154
|
2024-09-21 02:46 |
2024-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
4.7 |
MEDIUM
Network
|
openjsf
|
serve-static
|
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-43800
|
2024-09-21 02:36 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
4.3 |
MEDIUM
Network
|
ibm
|
concert
|
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this li…
Update
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-43180
|
2024-09-21 02:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix get_stashed_dentry()
get_stashed_dentry() tries to optimistically retrieve a stashed dentry
from a provided location. …
Update
|
NVD-CWE-noinfo
|
CVE-2024-46801
|
2024-09-21 02:18 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
sch/netem: fix use after free in netem_dequeue
If netem_dequeue() enqueues packet to inner qdisc and that qdisc
returns __NET_XMI…
Update
|
CWE-416
Use After Free
|
CVE-2024-46800
|
2024-09-21 02:18 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: Prevent USB core invalid event buffer address access
This commit addresses an issue where the USB core could acc…
Update
|
NVD-CWE-noinfo
|
CVE-2024-46675
|
2024-09-21 02:18 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
