921 | 4.3 | MEDIUM, Network | mattermost | mattermost_server | Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "R… | CWE-863 Incorrect Authorization | CVE-2024-42000 | 2024-11-15 01:48 | 2024-11-10 |
922 | 4.3 | MEDIUM, Network | mattermost | mattermost_server | Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels… | NVD-CWE-noinfo | CVE-2024-52032 | 2024-11-15 01:47 | 2024-11-10 |
923 | 5.5 | MEDIUM, Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4_copy earlier. Ensure the refcount and async_copies fields are initialized early. cleanup_async_copy(… | CWE-908 Use of Uninitialized Resource | CVE-2024-50241 | 2024-11-15 01:45 | 2024-11-9 |
924 | 5.5 | MEDIUM, Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower. Avoid potentially crashing in the driver because of unini… | CWE-908 Use of Uninitialized Resource | CVE-2024-50237 | 2024-11-15 01:42 | 2024-11-9 |
925 | - | | - | - | An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information lea… | - | CVE-2024-11165 | 2024-11-15 01:35 | 2024-11-14 |
926 | - | | - | - | Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server… | - | CVE-2024-8068 | 2024-11-15 01:35 | 2024-11-13 |
927 | - | | - | - | The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2… | - | CVE-2024-44337 | 2024-11-15 01:35 | 2024-10-16 |
928 | - | | - | - | Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c. | - | CVE-2023-47430 | 2024-11-15 01:35 | 2024-03-26 |
929 | 5.5 | MEDIUM, Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Fix memory leak in management tx. In the current logic, memory is allocated for storing the MSDU context during mana… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2024-50236 | 2024-11-15 01:29 | 2024-11-9 |
930 | 7.5 | HIGH, Network | tiangolo, fastapiexpert, encode | fastapi, python-multipart, starlette | `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attack… | CWE-1333 Inefficient Regular Expression Complexity | CVE-2024-24762 | 2024-11-15 01:25 | 2024-02-6 |