911 | 6.2 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the … | NVD-CWE-noinfo | CVE-2024-50251 | 2024-11-15 02:31 | 2024-11-9
912 | 8.8 | HIGH Network | blrt | blrt_wp_embed | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed allows SQL Injection. This issue affects Blrt WP Embed: from n/a through 1.6.9. | CWE-89 SQL Injection | CVE-2024-51606 | 2024-11-15 02:17 | 2024-11-10
913 | 5.4 | MEDIUM Network | sap | commerce_backoffice | SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact… | CWE-79 Cross-site Scripting | CVE-2024-45278 | 2024-11-15 02:17 | 2024-10-8
914 | 8.8 | HIGH Network | pluginhandy | amadiscount | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pluginhandy AmaDiscount allows SQL Injection. This issue affects AmaDiscount: from n/a through 1.0. | CWE-89 SQL Injection | CVE-2024-51608 | 2024-11-15 02:14 | 2024-11-10
915 | 4.8 | MEDIUM Network | mattermost | mattermost_server | Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds | CWE-294 Authentication Bypass by Capture-replay | CVE-2024-36250 | 2024-11-15 02:11 | 2024-11-10
916 | 5.4 | MEDIUM Network | elsner | emoji_shortcode | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elsner Technologies Pvt. Ltd. Emoji Shortcode allows Stored XSS. This issue affects Emoji S… | CWE-79 Cross-site Scripting | CVE-2024-51609 | 2024-11-15 02:10 | 2024-11-10
917 | 7.1 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very ve… | NVD-CWE-noinfo | CVE-2024-50250 | 2024-11-15 02:04 | 2024-11-9
918 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmw_lock a raw_spin_lock The following BUG was triggered: ============================= [ BUG: Invalid wait con… | NVD-CWE-noinfo | CVE-2024-50249 | 2024-11-15 02:01 | 2024-11-9
919 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisati… | CWE-476 NULL Pointer Dereference | CVE-2024-50239 | 2024-11-15 01:59 | 2024-11-9
920 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") r… | CWE-476 NULL Pointer Dereference | CVE-2024-50238 | 2024-11-15 01:58 | 2024-11-9