| No. | CVSS | Severity | Attack vector | Vendor | Product | Description | Status | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 491 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and ti… | Update | CWE-416 Use After Free | CVE-2024-46845 | 2024-10-2 23:18 | 2024-09-27 |
| 492 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in pur… | Update | CWE-129 Improper Validation of Array Index | CVE-2024-46847 | 2024-10-2 23:16 | 2024-09-27 |
| 493 | 9.8 | CRITICAL | Network | vmware | vcenter_server | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sendi… | Update | CWE-787 Out-of-bounds Write | CVE-2024-38812 | 2024-10-2 23:16 | 2024-09-18 |
| 494 | - | | | - | - | A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. | New | - | CVE-2024-8885 | 2024-10-2 23:15 | 2024-10-2 |
| 495 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as… | Update | CWE-476 NULL Pointer Dereference | CVE-2024-46860 | 2024-10-2 23:04 | 2024-09-27 |
| 496 | 9.8 | CRITICAL | Network | vmware | vcenter_server | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a sp… | Update | CWE-273 Improper Check for Dropped Privileges | CVE-2024-38813 | 2024-10-2 22:59 | 2024-09-18 |
| 497 | 5.3 | MEDIUM | Network | apache | druid | Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0… | Update | NVD-CWE-noinfo | CVE-2024-45384 | 2024-10-2 22:57 | 2024-09-18 |
| 498 | 6.1 | MEDIUM | Network | tebilisim | v5 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS. This issue affects V5: before 6.2. | Update | CWE-79 Cross-site Scripting | CVE-2024-2010 | 2024-10-2 22:52 | 2024-09-12 |
| 499 | - | | | - | - | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role c… | New | CWE-79 Cross-site Scripting; CWE-116 Improper Encoding or Escaping of Output; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-47528 | 2024-10-2 22:35 | 2024-10-2 |
| 500 | 9.8 | CRITICAL | Network | phpgurukul | online_shopping_portal | A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. … | Update | CWE-89 SQL Injection | CVE-2024-9326 | 2024-10-2 22:33 | 2024-09-29 |