61
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
Ensure index in rtl2830_pid_filter does not exceed 31 to …
New
|
CWE-787
Out-of-bounds Write
|
CVE-2024-47697
|
2024-10-24 05:51 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
62
|
5.4 |
MEDIUM
Network
|
hasthemes
|
wp_education
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a throug…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-49630
|
2024-10-24 05:44 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
63
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
syzbot reports a f2fs bug as below:
__dump_stack lib/dump_stack.c:88…
New
|
CWE-416
Use After Free
|
CVE-2024-47691
|
2024-10-24 05:42 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
64
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Use reserved copy engine for user binds on faulting devices
User binds map to engines with can fault, faults depend on us…
New
|
NVD-CWE-noinfo
|
CVE-2024-47729
|
2024-10-24 05:40 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
65
|
9.8 |
CRITICAL
Network
piyushmca
|
shipyaari_shipping_management
|
Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through 1.2.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-49626
|
2024-10-24 05:37 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
66
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT}…
New
|
CWE-459
Incomplete Cleanup
|
CVE-2024-47728
|
2024-10-24 05:36 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
67
|
6.1 |
MEDIUM
Network
|
thinkific
|
thinkific
|
Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the websi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2020-35698
|
2024-10-24 05:35 |
2023-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
68
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security…
Update
|
NVD-CWE-Other
|
CVE-2021-30558
|
2024-10-24 05:35 |
2023-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
69
|
9.6 |
CRITICAL
Network
|
google debian
|
chrome debian_linux
|
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a c…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2022-3890
|
2024-10-24 05:35 |
2022-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
70
|
8.8 |
HIGH
Network
|
google debian
|
chrome debian_linux
|
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-843
Type Confusion
|
CVE-2022-3889
|
2024-10-24 05:35 |
2022-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|