2491
|
7.8 |
HIGH
Local
|
binalyze
|
irec
|
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
|
NVD-CWE-noinfo
|
CVE-2023-41444
|
2024-09-24 05:35 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2492
|
7.2 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
|
-
|
CVE-2023-3664
|
2024-09-24 05:35 |
2023-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2493
|
7.5 |
HIGH
Network
oracle
|
sales_for_handhelds
|
Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploit…
|
NVD-CWE-noinfo
|
CVE-2023-21855
|
2024-09-24 05:35 |
2023-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2494
|
- |
|
-
|
-
|
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:
?Product
Affected Versions
LoadMaster
From 7.…
|
CWE-20
Improper Input Validation
|
CVE-2024-6658
|
2024-09-24 05:15 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2495
|
- |
|
-
|
-
|
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigur…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-3653
|
2024-09-24 05:15 |
2024-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2496
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local …
|
CWE-416
Use After Free
|
CVE-2024-0582
|
2024-09-24 05:15 |
2024-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2497
|
7.5 |
HIGH
Network
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-27795
|
2024-09-24 05:01 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2498
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-27858
|
2024-09-24 04:56 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2499
|
7.1 |
HIGH
Local
|
acronis
|
agent
|
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343.
|
CWE-862
Missing Authorization
|
CVE-2023-45246
|
2024-09-24 04:54 |
2023-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2500
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.
|
NVD-CWE-noinfo
|
CVE-2024-23237
|
2024-09-24 04:53 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|