971
|
6.1 |
MEDIUM
Network
|
veritas
|
data_insight
|
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-47854
|
2024-11-14 00:25 |
2024-10-4 |
|
|
972
|
6.5 |
MEDIUM
Adjacent
|
zephyrproject
|
zephyr
|
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-6444
|
2024-11-14 00:24 |
2024-10-4 |
|
|
973
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix null-ptr-deref in target_alloc_device()
There is a null-ptr-deref issue reported by KASAN:
BUG: KASAN: n…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50153
|
2024-11-14 00:23 |
2024-11-7 |
|
|
974
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ACPI: PAD: fix crash in exit_round_robin()
The kernel occasionally crashes in cpumask_clear_cpu(), which is called
within exit_ro…
Update
|
NVD-CWE-noinfo
|
CVE-2024-49935
|
2024-11-14 00:21 |
2024-10-22 |
|
|
975
|
4.6 |
MEDIUM
Physical
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
It's observed that a crash occurs during hot-remove a memor…
Update
|
NVD-CWE-noinfo
|
CVE-2024-49934
|
2024-11-14 00:18 |
2024-10-22 |
|
|
976
|
5.3 |
MEDIUM
Network
iowacomputergurus
|
aspnetcore.utilities.cloudstorage
|
ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with …
Update
|
NVD-CWE-noinfo
|
CVE-2024-50353
|
2024-11-14 00:15 |
2024-10-30 |
|
|
|
977
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix possible double free in smb2_set_ea()
Clang static checker(scan-build) warning:
fs/smb/client/smb2ops.c:1304:2: …
Update
|
CWE-415
Double Free
|
CVE-2024-50152
|
2024-11-14 00:15 |
2024-11-7 |
|
|
978
|
7.5 |
HIGH
Network
idurarapp
|
idurar
|
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is acc…
Update
|
CWE-22 CWE-23
Path Traversal Relative Path Traversal
|
CVE-2024-47769
|
2024-11-14 00:12 |
2024-10-5 |
|
|
|
979
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
blk_iocost: fix more out of bound shifts
Recently running UBSAN caught few out of bound shifts in the
ioc_forgive_debts() functio…
Update
|
NVD-CWE-noinfo
|
CVE-2024-49933
|
2024-11-14 00:09 |
2024-10-22 |
|
|
980
|
9.8 |
CRITICAL
Network
yarpp
|
yet_another_related_posts_plugin
|
Access Control vulnerability in YARPP YARPP allows .
This issue affects YARPP: from n/a through 5.30.10.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-43919
|
2024-11-14 00:02 |
2024-11-2 |
|
|
|