11
|
5.3 |
MEDIUM
Network
ivanti
|
connect_secure policy_secure
|
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests …
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-22023
|
2024-10-4 07:35 |
2024-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
12
|
- |
|
-
|
-
|
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
New
|
-
|
CVE-2024-41589
|
2024-10-4 06:35 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
13
|
- |
|
-
|
-
|
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
New
|
-
|
CVE-2024-41586
|
2024-10-4 06:35 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
14
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
Update
|
CWE-416
Use After Free
|
CVE-2023-51042
|
2024-10-4 06:35 |
2024-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
15
|
6.5 |
MEDIUM
Network
|
webassembly
|
binaryen
|
A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-s…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-18378
|
2024-10-4 06:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
16
|
9.8 |
CRITICAL
Network
nvki
|
intelligent_broadband_subscriber_gateway
|
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php.
Update
|
CWE-77
Command Injection
|
CVE-2023-39809
|
2024-10-4 06:35 |
2023-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
17
|
- |
|
-
|
-
|
Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability.
New
|
-
|
CVE-2024-46658
|
2024-10-4 06:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
18
|
- |
|
-
|
-
|
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder …
Update
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2024-7387
|
2024-10-4 06:15 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
19
|
- |
|
-
|
-
|
A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
New
|
-
|
CVE-2024-44193
|
2024-10-4 05:35 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
20
|
5.4 |
MEDIUM
Network
|
arubanetworks
|
edgeconnect_sd-wan_orchestrator
|
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-37421
|
2024-10-4 05:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|