701
|
5.3 |
MEDIUM
Network
ivanti
|
connect_secure policy_secure
|
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests …
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-22023
|
2024-10-4 07:35 |
2024-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
702
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
|
CWE-416
Use After Free
|
CVE-2023-51042
|
2024-10-4 06:35 |
2024-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
703
|
6.5 |
MEDIUM
Network
|
webassembly
|
binaryen
|
A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-s…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-18378
|
2024-10-4 06:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
704
|
9.8 |
CRITICAL
Network
nvki
|
intelligent_broadband_subscriber_gateway
|
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php.
|
CWE-77
Command Injection
|
CVE-2023-39809
|
2024-10-4 06:35 |
2023-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
705
|
- |
|
-
|
-
|
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder …
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2024-7387
|
2024-10-4 06:15 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
706
|
5.4 |
MEDIUM
Network
|
arubanetworks
|
edgeconnect_sd-wan_orchestrator
|
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an …
|
CWE-79
Cross-site Scripting
|
CVE-2023-37421
|
2024-10-4 05:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
707
|
7.5 |
HIGH
Network
realtek
|
rtl8812au_firmware
|
An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.
|
NVD-CWE-noinfo
|
CVE-2020-26652
|
2024-10-4 05:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
708
|
5.5 |
MEDIUM
Local
|
ogg_video_tools_project
|
ogg_video_tools
|
A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening…
|
NVD-CWE-noinfo
|
CVE-2020-21723
|
2024-10-4 05:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
709
|
4.3 |
MEDIUM
Network
|
multiparcels
|
multiparcels_shipping_for_woocommerce
|
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment vi…
|
-
|
CVE-2023-3366
|
2024-10-4 05:35 |
2023-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
710
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap …
|
CWE-416
Use After Free
|
CVE-2023-2458
|
2024-10-4 05:35 |
2023-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|