811
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm, slub: do not call do_slab_free for kfence object
In 782f8906f805 the freeing of kfence objects was moved from deep
inside do_…
|
NVD-CWE-noinfo
|
CVE-2024-44973
|
2024-10-3 23:23 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
812
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
When all the strides in a WQE have been consumed, the WQE is unlinked
from t…
|
NVD-CWE-noinfo
|
CVE-2024-44970
|
2024-10-3 23:22 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
813
|
7.5 |
HIGH
Network
cisco
|
ios_xr
|
A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-20304
|
2024-10-3 23:20 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
814
|
8.4 |
HIGH
Local
|
motorola
|
ebts_site_controller_firmware mbts_site_controller_firmware
|
Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2023-23774
|
2024-10-3 23:15 |
2023-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
815
|
9.8 |
CRITICAL
Network
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
|
CWE-77
Command Injection
|
CVE-2024-7575
|
2024-10-3 22:52 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
816
|
9.8 |
CRITICAL
Network
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-7576
|
2024-10-3 22:51 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
817
|
8.1 |
HIGH
Network
|
prestashop
|
prestashop
|
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-41651
|
2024-10-3 22:45 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
818
|
7.5 |
HIGH
Network
cisco
|
ios ios_xe
|
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to relo…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-20433
|
2024-10-3 22:34 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
819
|
9.8 |
CRITICAL
Network
tduckcloud
|
tduckpro
|
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The at…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-8692
|
2024-10-3 22:17 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
820
|
- |
|
-
|
-
|
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, …
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-3727
|
2024-10-3 22:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|