2161
|
4.4 |
MEDIUM
Local
|
dell
|
data_domain_operating_system
|
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading…
|
CWE-89
SQL Injection
|
CVE-2024-29174
|
2024-09-24 06:00 |
2024-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2162
|
8.8 |
HIGH
Network
|
dedecms
|
dedecms
|
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-43226
|
2024-09-24 05:35 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2163
|
5.4 |
MEDIUM
Network
|
e107
|
e107_cms
|
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Ta…
|
CWE-79
Cross-site Scripting
|
CVE-2023-43874
|
2024-09-24 05:35 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2164
|
7.8 |
HIGH
Local
|
binalyze
|
irec
|
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
|
NVD-CWE-noinfo
|
CVE-2023-41444
|
2024-09-24 05:35 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2165
|
7.2 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
|
-
|
CVE-2023-3664
|
2024-09-24 05:35 |
2023-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2166
|
7.5 |
HIGH
Network
oracle
|
sales_for_handhelds
|
Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploit…
|
NVD-CWE-noinfo
|
CVE-2023-21855
|
2024-09-24 05:35 |
2023-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2167
|
- |
|
-
|
-
|
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:
?Product
Affected Versions
LoadMaster
From 7.…
|
CWE-20
Improper Input Validation
|
CVE-2024-6658
|
2024-09-24 05:15 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2168
|
- |
|
-
|
-
|
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigur…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-3653
|
2024-09-24 05:15 |
2024-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2169
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local …
|
CWE-416
Use After Free
|
CVE-2024-0582
|
2024-09-24 05:15 |
2024-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2170
|
7.5 |
HIGH
Network
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-27795
|
2024-09-24 05:01 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|