281
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: the warning dereferencing obj for nbio_v7_4
if ras_manager obj null, don't print NBIO err data
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46819
|
2024-10-5 02:11 |
2024-09-27 |
|
|
282
|
5.4 |
MEDIUM
Network
|
oceanicsoft
|
valeapp
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8608
|
2024-10-5 02:11 |
2024-09-27 |
|
|
283
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix negative array index read
Avoid using the negative values
for clk_idex as an index into an array pptable->DpmDesc…
Update
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46821
|
2024-10-5 02:06 |
2024-09-27 |
|
|
284
|
6.5 |
MEDIUM
Network
|
zoom
|
zoom vdi_windows_meeting_clients rooms meeting_sdk
|
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
Update
|
NVD-CWE-noinfo
|
CVE-2024-24699
|
2024-10-5 01:56 |
2024-02-14 |
|
|
285
|
5.4 |
MEDIUM
Network
|
mappresspro
|
mappress_maps_for_wordpress
|
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Store…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-0420
|
2024-10-5 01:53 |
2024-02-13 |
|
|
286
|
6.5 |
MEDIUM
Network
|
zoom
|
zoom meeting_software_development_kit video_software_development_kit rooms vdi_windows_meeting_clients
|
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-24690
|
2024-10-5 01:52 |
2024-02-14 |
|
|
287
|
5.3 |
MEDIUM
Network
mappresspro
|
mappress_maps_for_wordpress
|
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-0421
|
2024-10-5 01:52 |
2024-02-13 |
|
|
|
288
|
5.4 |
MEDIUM
Network
|
gestsup
|
gestsup
|
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-52059
|
2024-10-5 01:51 |
2024-02-13 |
|
|
289
|
9.8 |
CRITICAL
Network
siemens
|
polarion_alm
|
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lack proper authentication. An unauthenticated attacker…
Update
|
CWE-287
Improper Authentication
|
CVE-2024-23813
|
2024-10-5 01:50 |
2024-02-13 |
|
|
|
290
|
8.8 |
HIGH
Network
|
siemens
|
sinec_nms
|
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command inject…
Update
|
CWE-78
OS Command
|
CVE-2024-23812
|
2024-10-5 01:47 |
2024-02-13 |
|
|