|
1811
|
2.7 |
LOW
Network
|
sap
|
netweaver_application_server_abap
|
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impa…
|
CWE-862
Missing Authorization
|
CVE-2024-41728
|
2024-09-16 23:14 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
Verify that lvts_data is not NULL before using it.
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42144
|
2024-09-16 23:12 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
8.8 |
HIGH
Network
|
themify
|
ultra
|
Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-46147
|
2024-09-16 23:11 |
2023-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
2.7 |
LOW
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiali…
|
CWE-863
Incorrect Authorization
|
CVE-2024-44114
|
2024-09-16 23:09 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1815
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver sh…
|
NVD-CWE-noinfo
|
CVE-2024-42137
|
2024-09-16 23:01 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cdrom: rearrange last_media_change check to avoid unintentional overflow
When running syzkaller with the newly reintroduced signe…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-42136
|
2024-09-16 22:54 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid overflows in dirty throttling logic
The dirty throttling logic is interspersed with assumptions that dirty
limits in PA…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-42131
|
2024-09-16 22:52 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL pointer check for kzalloc
[Why & How]
Check return pointer of kzalloc before using it.
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42122
|
2024-09-16 22:49 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1819
|
5.4 |
MEDIUM
Network
|
jayesh
|
online_exam_system
|
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "em…
|
CWE-79
Cross-site Scripting
|
CVE-2024-40478
|
2024-09-16 22:46 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
7.2 |
HIGH
Network
|
ivanti
|
cloud_services_appliance
|
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must ha…
|
CWE-78
OS Command
|
CVE-2024-8190
|
2024-09-16 22:44 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
