1851
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.…
|
CWE-416
Use After Free
|
CVE-2024-6064
|
2024-09-26 00:08 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1852
|
9.8 |
CRITICAL
Network
freeimage_project
|
freeimage
|
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-31570
|
2024-09-25 23:57 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1853
|
9.8 |
CRITICAL
Network
spx
|
spx_graphics_controller
|
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
|
CWE-94
Code Injection
|
CVE-2024-44623
|
2024-09-25 23:53 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1854
|
8.8 |
HIGH
Network
|
ontraport
|
pilotpress
|
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30.
|
CWE-862
Missing Authorization
|
CVE-2024-23524
|
2024-09-25 23:48 |
2024-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1855
|
9.8 |
CRITICAL
Network
ergophone yealink
|
tiptel_ip_286_firmware sip-t28p_firmware
|
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
|
CWE-22
Path Traversal
|
CVE-2024-33109
|
2024-09-25 23:47 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1856
|
9.8 |
CRITICAL
Network
closed-loop
|
cless_server
|
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the u…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40125
|
2024-09-25 23:46 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1857
|
8.8 |
HIGH
Network
|
awplife
|
album_gallery
|
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.
|
CWE-862
Missing Authorization
|
CVE-2024-35720
|
2024-09-25 23:46 |
2024-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1858
|
8.8 |
HIGH
Network
|
awplife
|
media_slider
|
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, …
|
CWE-862
Missing Authorization
|
CVE-2024-35717
|
2024-09-25 23:46 |
2024-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1859
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid overflows in dirty throttling logic
The dirty throttling logic is interspersed with assumptions that dirty
limits in PA…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-42131
|
2024-09-25 23:45 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1860
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix double free err_addr pointer warnings
In amdgpu_umc_bad_page_polling_timeout, the amdgpu_umc_handle_bad_pages
wil…
|
CWE-415
Double Free
|
CVE-2024-42123
|
2024-09-25 23:45 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|