| 31 | 4.9 | MEDIUM | Network | elastic | elasticsearch | A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in… | Update | CWE-787 Out-of-bounds Write | CVE-2024-37280 | 2024-10-4 04:37 | 2024-06-14 |
| 32 | 4.6 | MEDIUM | Physical | motorola | vigilant_fixed_lpr_coms_box_firmware | An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | Update | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-38280 | 2024-10-4 04:36 | 2024-06-14 |
| 33 | - |  |  | - | - | Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | New | - | CVE-2024-41596 | 2024-10-4 04:35 | 2024-10-4 |
| 34 | - |  |  | - | - | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. | New | - | CVE-2024-41595 | 2024-10-4 04:35 | 2024-10-4 |
| 35 | - |  |  | - | - | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | New | - | CVE-2024-41592 | 2024-10-4 04:35 | 2024-10-4 |
| 36 | - |  |  | - | - | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. | New | - | CVE-2024-41584 | 2024-10-4 04:35 | 2024-10-4 |
| 37 | - |  |  | - | - | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. | New | - | CVE-2024-41583 | 2024-10-4 04:35 | 2024-10-4 |
| 38 | 7.5 | HIGH | Adjacent | samsung | syncthru_web_service | An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | Update | NVD-CWE-noinfo | CVE-2021-35309 | 2024-10-4 04:35 | 2023-08-23 |
| 39 | 8.8 | HIGH | Network | google, debian, fedoraproject | chrome, debian_linux, fedora | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Update | CWE-787 Out-of-bounds Write | CVE-2023-2137 | 2024-10-4 04:35 | 2023-04-19 |
| 40 | 7.5 | HIGH | Network | google, debian, fedoraproject | chrome, debian_linux, fedora | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafte… | Update | CWE-416 Use After Free | CVE-2023-2135 | 2024-10-4 04:35 | 2023-04-19 |