891
|
8.8 |
HIGH
Network
|
pluginhandy
|
amadiscount
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pluginhandy AmaDiscount allows SQL Injection. This issue affects AmaDiscount: from n/a through 1.0.
Update
|
CWE-89
SQL Injection
|
CVE-2024-51608
|
2024-11-15 02:14 |
2024-11-10 |
|
892
|
4.8 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the MFA code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds.
Update
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-36250
|
2024-11-15 02:11 |
2024-11-10 |
|
893
|
5.4 |
MEDIUM
Network
|
elsner
|
emoji_shortcode
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elsner Technologies Pvt. Ltd. Emoji Shortcode allows Stored XSS. This issue affects Emoji S…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-51609
|
2024-11-15 02:10 |
2024-11-10 |
|
894
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fsdax: dax_unshare_iter needs to copy entire blocks
The code that copies data from srcmap to iomap in dax_unshare_iter is
very ve…
Update
|
NVD-CWE-noinfo
|
CVE-2024-50250
|
2024-11-15 02:04 |
2024-11-9 |
|
895
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Make rmw_lock a raw_spin_lock
The following BUG was triggered:
=============================
[ BUG: Invalid wait con…
Update
|
NVD-CWE-noinfo
|
CVE-2024-50249
|
2024-11-15 02:01 |
2024-11-9 |
|
896
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend
Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisati…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50239
|
2024-11-15 01:59 |
2024-11-9 |
|
897
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend
Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation")
r…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50238
|
2024-11-15 01:58 |
2024-11-9 |
|
898
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "R…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-42000
|
2024-11-15 01:48 |
2024-11-10 |
|
899
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels…
Update
|
NVD-CWE-noinfo
|
CVE-2024-52032
|
2024-11-15 01:47 |
2024-11-10 |
|
900
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Initialize struct nfsd4_copy earlier
Ensure the refcount and async_copies fields are initialized early.
cleanup_async_copy(…
Update
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-50241
|
2024-11-15 01:45 |
2024-11-9 |
|