1961
|
5.4 |
MEDIUM
Network
|
deathbreak
|
drug
|
A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44837
|
2024-09-13 01:17 |
2024-09-6 |
1962
|
- |
|
-
|
-
|
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
|
-
|
CVE-2024-45440
|
2024-09-13 01:15 |
2024-08-29 |
1963
|
7.5 |
HIGH
Network
dataflowx
|
datadiodex
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before…
|
CWE-22
Path Traversal
|
CVE-2024-6445
|
2024-09-13 01:14 |
2024-09-6 |
1964
|
9.8 |
CRITICAL
Network
dlink
|
di-8100g_firmware
|
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
|
CWE-77
Command Injection
|
CVE-2024-44401
|
2024-09-13 01:09 |
2024-09-7 |
1965
|
5.3 |
MEDIUM
Network
hyperledger
|
fabric
|
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.
|
NVD-CWE-noinfo
|
CVE-2024-45244
|
2024-09-13 01:07 |
2024-08-25 |
1966
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
Fix a use-after-free that occurs in hcd when in_urb sent from…
|
CWE-416
Use After Free
|
CVE-2023-52907
|
2024-09-13 01:06 |
2024-08-21 |
1967
|
9.1 |
CRITICAL
Network
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB …
|
CWE-862
Missing Authorization
|
CVE-2024-42470
|
2024-09-13 01:04 |
2024-08-12 |
1968
|
9.8 |
CRITICAL
Network
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authenti…
|
CWE-22
Path Traversal
|
CVE-2024-42469
|
2024-09-13 01:02 |
2024-08-12 |
1969
|
7.5 |
HIGH
Network
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated…
|
CWE-22
Path Traversal
|
CVE-2024-42468
|
2024-09-13 01:01 |
2024-08-12 |
1970
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
Calculating the size of the mapped area as the lesser value
betwe…
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2024-42259
|
2024-09-13 01:00 |
2024-08-15 |