|
901
|
8.3 |
HIGH
Network
|
proges
|
sensor_net_connect_firmware_v2
|
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a…
|
CWE-352
Origin Validation Error
|
CVE-2024-3083
|
2024-09-30 23:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
6.1 |
MEDIUM
Network
|
proges
|
sensor_net_connect_firmware_v2
|
A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code.
|
CWE-79
Cross-site Scripting
|
CVE-2024-31199
|
2024-09-30 23:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
6.5 |
MEDIUM
Network
|
ibm
|
storage_defender
|
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-38324
|
2024-09-30 23:10 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
5.3 |
MEDIUM
Network
|
tinfoilsecurity
|
devise-two-factor
|
Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret…
|
CWE-331
Insufficient Entropy
|
CVE-2024-8796
|
2024-09-30 23:10 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
6.5 |
MEDIUM
Network
|
rubayathasan
|
infolinks_ad_wrap
|
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-8044
|
2024-09-30 23:03 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
9.8 |
CRITICAL
Network
myoffice
|
my_office_sdk
|
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47222
|
2024-09-30 23:02 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
907
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
The following warning is seen during bwmon_remove due to re…
|
NVD-CWE-Other
|
CVE-2024-43850
|
2024-09-30 22:57 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
5.9 |
MEDIUM
Network
|
planetfitness
|
planet_fitness_workouts
|
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network acce…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-43201
|
2024-09-30 22:55 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
In rtw89_sta_info_get_iter() 'status->he_gi' is compared to arr…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-43842
|
2024-09-30 22:55 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iio: Fix the sorting functionality in iio_gts_build_avail_time_table
The sorting in iio_gts_build_avail_time_table is not working…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43825
|
2024-09-30 22:53 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
