2511 | 2.7 | LOW Network | nirmata | kyverno | Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By des… | CWE-863 Incorrect Authorization | CVE-2024-48921 | 2024-11-8 02:20 | 2024-10-30
2512 | 9.8 | CRITICAL Network | servicenow | servicenow | ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context… | CWE-94 Code Injection | CVE-2024-8923 | 2024-11-8 02:18 | 2024-10-30
2513 | 7.5 | HIGH Network | servicenow | servicenow | ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. Serv… | CWE-89 SQL Injection | CVE-2024-8924 | 2024-11-8 02:16 | 2024-10-30
2514 | 7.8 | HIGH Local | autodesk | autocad_architecture autocad_electrical autocad_mechanical autocad_mep autocad_plant_3d civil_3d advance_steel autocad | A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cau… | CWE-787 Out-of-bounds Write | CVE-2024-8587 | 2024-11-8 02:15 | 2024-10-30
2515 | 3.3 | LOW Local | hashicorp | vagrant_vmware_utility | The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system wr… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2024-10228 | 2024-11-8 02:12 | 2024-10-30
2516 | 8.8 | HIGH Network | anisha | university_event_management_system | A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the arg… | CWE-89 SQL Injection | CVE-2024-10805 | 2024-11-8 02:09 | 2024-11-5
2517 | 6.5 | MEDIUM Network | tenda | i22_firmware | A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo… | CWE-476 NULL Pointer Dereference | CVE-2024-10750 | 2024-11-8 02:09 | 2024-11-4
2518 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests test_bpf tail call tests end up as: test_bpf: #0 Tail call leaf jited:1 85 PASS … | CWE-787 Out-of-bounds Write | CVE-2022-48998 | 2024-11-8 02:08 | 2024-10-22
2519 | 4.7 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpm_pm_suspend with locks Currently tpm transactions are executed unconditionally in tpm_pm_suspend() function… | NVD-CWE-noinfo | CVE-2022-48997 | 2024-11-8 02:07 | 2024-10-22
2520 | 8.8 | HIGH Network | ithemelandco | woocommerce_report | The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settin… | CWE-352 Origin Validation Error | CVE-2024-10711 | 2024-11-8 02:04 | 2024-11-5