| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last updated | Published |
|---|------|----------|---------------|--------|---------|-------------|-----|-----|--------------|-----------|
| 1 | 4.4 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is… | CWE-276 Incorrect Default Permissions | CVE-2024-46695 | 2024-09-20 02:59 | 2024-09-13 |
| 2 | 5.3 | MEDIUM | Network | apple | visionos | The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona. | NVD-CWE-noinfo | CVE-2024-40865 | 2024-09-20 02:58 | 2024-09-6 |
| 3 | 6.1 | MEDIUM | Network | c-mor | c-mor | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was… | CWE-79 Cross-site Scripting | CVE-2024-45176 | 2024-09-20 02:56 | 2024-09-6 |
| 4 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to check… | CWE-665 Improper Initialization | CVE-2024-46697 | 2024-09-20 02:53 | 2024-09-13 |
| 5 | 9.8 | CRITICAL | Network | flycass | flycass | FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | CWE-89 SQL Injection | CVE-2024-8395 | 2024-09-20 02:53 | 2024-09-6 |
| 6 | 4.4 | MEDIUM | Local | tcpdump | libpcap | In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the… | CWE-415 Double Free | CVE-2023-7256 | 2024-09-20 02:53 | 2024-08-31 |
| 7 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel … | NVD-CWE-noinfo | CVE-2024-46706 | 2024-09-20 02:51 | 2024-09-13 |
| 8 | 8.8 | HIGH | Adjacent | actiontec | wcb6200q_firmware | Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6… | CWE-134 Use of Externally-Controlled Format String | CVE-2024-6145 | 2024-09-20 02:50 | 2024-06-19 |
| 9 | 8.8 | HIGH | Adjacent | actiontec | wcb6200q_firmware | Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affect… | CWE-787 Out-of-bounds Write | CVE-2024-6146 | 2024-09-20 02:50 | 2024-06-19 |
| 10 | 8.8 | HIGH | Adjacent | actiontec | wcb6200q_firmware | Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected insta… | CWE-787 Out-of-bounds Write | CVE-2024-6144 | 2024-09-20 02:48 | 2024-06-19 |