1111
|
6.5 |
MEDIUM
Network
|
zoom
|
meeting_software_development_kit zoom vdi_windows_meeting_clients
|
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via …
|
NVD-CWE-noinfo
|
CVE-2024-24695
|
2024-10-5 00:44 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1112
|
9.8 |
CRITICAL
Network
zoom
|
meeting_software_development_kit zoom vdi_windows_meeting_clients rooms
|
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via…
|
NVD-CWE-noinfo
|
CVE-2024-24691
|
2024-10-5 00:43 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1113
|
6.7 |
MEDIUM
Local
|
linuxfoundation rdkcentral google openwrt
|
yocto rdk-b android openwrt
|
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-20832
|
2024-10-5 00:35 |
2023-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1114
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
dc_state_destruct() nulls the resource context of the…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46850
|
2024-10-5 00:30 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1115
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Limit the period on Haswell
Running the ltp test cve-2015-3290 concurrently reports the following
warnings.
perf…
|
NVD-CWE-noinfo
|
CVE-2024-46848
|
2024-10-5 00:23 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1116
|
7.5 |
HIGH
Network
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote…
|
CWE-476 CWE-400
NULL Pointer Dereference Uncontrolled Resource Consumption
|
CVE-2024-8454
|
2024-10-5 00:11 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1117
|
4.9 |
MEDIUM
Network
|
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files …
|
CWE-328 CWE-759
Use of Weak Hash Use of a One-Way Hash without a Salt
|
CVE-2024-8453
|
2024-10-5 00:10 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1118
|
7.5 |
HIGH
Network
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 …
|
CWE-327 CWE-328
Use of a Broken or Risky Cryptographic Algorithm Use of Weak Hash
|
CVE-2024-8452
|
2024-10-5 00:10 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1119
|
7.5 |
HIGH
Network
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakn…
|
CWE-400 CWE-280
Uncontrolled Resource Consumption Improper Handling of Insufficient Permissions or Privileges
|
CVE-2024-8451
|
2024-10-5 00:09 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1120
|
9.8 |
CRITICAL
Network
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-8450
|
2024-10-5 00:08 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|