| 1851 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow. When running syzkaller with the newly reintroduced signe… | CWE-190 Integer Overflow or Wraparound | CVE-2024-42136 | 2024-09-16 22:54 | 2024-07-30 |
| 1852 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic. The dirty throttling logic is interspersed with assumptions that dirty limits in PA… | CWE-190 Integer Overflow or Wraparound | CVE-2024-42131 | 2024-09-16 22:52 | 2024-07-30 |
| 1853 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer check for kzalloc. [Why & How] Check return pointer of kzalloc before using it. | CWE-476 NULL Pointer Dereference | CVE-2024-42122 | 2024-09-16 22:49 | 2024-07-30 |
| 1854 | 5.4 | MEDIUM Network | jayesh | online_exam_system | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "em… | CWE-79 Cross-site Scripting | CVE-2024-40478 | 2024-09-16 22:46 | 2024-08-12 |
| 1855 | 7.2 | HIGH Network | ivanti | cloud_services_appliance | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must ha… | CWE-78 OS Command | CVE-2024-8190 | 2024-09-16 22:44 | 2024-09-11 |
| 1856 | 8.8 | HIGH Network | themify | ultra | Missing Authorization vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | CWE-862 Missing Authorization | CVE-2023-46146 | 2024-09-16 22:40 | 2024-06-19 |
| 1857 | 8.8 | HIGH Network | themify | ultra | Missing Authorization vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | CWE-862 Missing Authorization | CVE-2023-46148 | 2024-09-16 22:39 | 2024-06-19 |
| 1858 | 8.8 | HIGH Network | elastic | kibana | A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Secu… | CWE-502 Deserialization of Untrusted Data | CVE-2024-37288 | 2024-09-16 22:29 | 2024-09-9 |
| 1859 | 6.1 | MEDIUM Network | uniong | webitr | WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, ca… | CWE-601 Open Redirect | CVE-2024-8586 | 2024-09-16 22:28 | 2024-09-9 |
| 1860 | 4.3 | MEDIUM Network | istyle | @cosme | Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior to 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to … | NVD-CWE-noinfo | CVE-2024-45203 | 2024-09-16 22:27 | 2024-09-9 |