|
351
|
- |
|
-
|
-
|
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin…
New
|
-
|
CVE-2024-46293
|
2024-10-1 00:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
- |
|
-
|
-
|
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
New
|
-
|
CVE-2024-46280
|
2024-10-1 00:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profil…
New
|
CWE-200
Information Exposure
|
CVE-2024-45792
|
2024-10-1 00:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gpio: prevent potential speculation leaks in gpio_device_get_desc()
Userspace may trigger a speculative read of an address outsid…
Update
|
NVD-CWE-noinfo
|
CVE-2024-44931
|
2024-10-1 00:15 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
4.6 |
MEDIUM
Physics
|
proges
|
sensor_net_connect_firmware_v2
|
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security…
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-3082
|
2024-10-1 00:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
5.5 |
MEDIUM
Local
|
proges
|
thermoscan_ip
|
A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition o…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-31203
|
2024-10-1 00:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
7.8 |
HIGH
Local
|
proges
|
thermoscan_ip
|
A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-31202
|
2024-10-1 00:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
xattr in ocfs2 maybe 'non-indexed', which saved with addition…
Update
|
-
|
CVE-2024-41016
|
2024-10-1 00:15 |
2024-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
5.5 |
MEDIUM
Local
|
linux
fedoraproject
|
linux_kernel
fedora
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump
The generation mask can be updated while netlink dump is in pro…
Update
|
NVD-CWE-noinfo
|
CVE-2024-27017
|
2024-10-1 00:15 |
2024-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
4.2 |
MEDIUM
Network
|
tyan
|
s5552\/s5552wgm4nr-ex_firmware
s5552\/s5552wgm4nr_firmware
s5552\/s5552gm4nr_firmware
s5552\/s5552gm2nr_firmware
|
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TL…
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2023-2538
|
2024-10-1 00:15 |
2023-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
