| 1081 | 5.4 MEDIUM | Network | gestsup | gestsup | A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | CWE-79 Cross-site Scripting | CVE-2023-52059 | 2024-10-5 01:51 | 2024-02-13 |
| 1082 | 9.8 CRITICAL | Network | siemens | polarion_alm | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lack proper authentication. An unauthenticated attacker… | CWE-287 Improper Authentication | CVE-2024-23813 | 2024-10-5 01:50 | 2024-02-13 |
| 1083 | 8.8 HIGH | Network | siemens | sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command inject… | CWE-78 OS Command | CVE-2024-23812 | 2024-10-5 01:47 | 2024-02-13 |
| 1084 | 8.8 HIGH | Adjacent | siemens | sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-23811 | 2024-10-5 01:46 | 2024-02-13 |
| 1085 | 9.8 CRITICAL | Network | siemens | sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arb… | CWE-89 SQL Injection | CVE-2024-23810 | 2024-10-5 01:46 | 2024-02-13 |
| 1086 | 5.5 MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor. Make sure the descriptor has been set before looking at maxpacket. This fixes a nul… | CWE-476 NULL Pointer Dereference | CVE-2024-44960 | 2024-10-5 01:44 | 2024-09-5 |
| 1087 | 7.8 HIGH | Local | randygaul | cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. | CWE-787 Out-of-bounds Write | CVE-2024-46258 | 2024-10-5 01:41 | 2024-10-1 |
| 1088 | 7.8 HIGH | Local | randygaul | cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. | CWE-787 Out-of-bounds Write | CVE-2024-46261 | 2024-10-5 01:40 | 2024-10-1 |
| 1089 | 7.8 HIGH | Local | randygaul | cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h. | CWE-787 Out-of-bounds Write | CVE-2024-46259 | 2024-10-5 01:40 | 2024-10-1 |
| 1090 | 7.8 HIGH | Local | randygaul | cute_png | cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. | CWE-787 Out-of-bounds Write | CVE-2024-46263 | 2024-10-5 01:39 | 2024-10-1 |