1751
|
- |
|
-
|
-
|
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigur…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-3653
|
2024-09-24 05:15 |
2024-07-9 |
|
|
1752
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local …
|
CWE-416
Use After Free
|
CVE-2024-0582
|
2024-09-24 05:15 |
2024-01-17 |
|
|
1753
|
7.5 |
HIGH
Network
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-27795
|
2024-09-24 05:01 |
2024-09-17 |
|
|
|
1754
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-27858
|
2024-09-24 04:56 |
2024-09-17 |
|
|
1755
|
7.1 |
HIGH
Local
|
acronis
|
agent
|
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343.
|
CWE-862
Missing Authorization
|
CVE-2023-45246
|
2024-09-24 04:54 |
2023-10-6 |
|
|
1756
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.
|
NVD-CWE-noinfo
|
CVE-2024-23237
|
2024-09-24 04:53 |
2024-09-17 |
|
|
1757
|
7.2 |
HIGH
Network
|
litellm
|
litellm
|
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elem…
|
CWE-89
SQL Injection
|
CVE-2024-5225
|
2024-09-24 04:46 |
2024-06-7 |
|
|
1758
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading…
|
NVD-CWE-noinfo
|
CVE-2023-5256
|
2024-09-24 04:35 |
2023-09-29 |
|
|
1759
|
4.8 |
MEDIUM
Network
|
ritecms
|
ritecms
|
Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.
|
CWE-79
Cross-site Scripting
|
CVE-2023-43879
|
2024-09-24 04:35 |
2023-09-29 |
|
|
1760
|
5.3 |
MEDIUM
Network
oracle
|
access_manager
|
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2022-39405
|
2024-09-24 04:35 |
2022-10-19 |
|
|
|