181
|
3.3 |
LOW
Local
|
gnu
|
tar
|
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat fro…
Update
|
CWE-125 CWE-401
Out-of-bounds Read Missing Release of Memory after Effective Lifetime
|
CVE-2021-20193
|
2024-10-25 03:15 |
2021-03-27 |
|
|
182
|
5.0 |
MEDIUM
Network
|
git-scm
|
git
|
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be explo…
Update
|
CWE-20
Improper Input Validation
|
CVE-2018-1000021
|
2024-10-25 02:58 |
2018-02-10 |
|
|
183
|
7.5 |
HIGH
Network
mfasoft
|
secure_authentication_server
|
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows re…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-46937
|
2024-10-25 02:35 |
2024-09-16 |
|
|
|
184
|
7.5 |
HIGH
Network
opendaylight
|
authentication\ _authorization_and_accounting
|
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue con…
Update
|
NVD-CWE-noinfo
|
CVE-2024-46943
|
2024-10-25 02:35 |
2024-09-16 |
|
|
|
185
|
- |
|
-
|
-
|
No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended …
Update
|
-
|
CVE-2024-40457
|
2024-10-25 02:35 |
2024-09-12 |
|
|
186
|
6.7 |
MEDIUM
Local
|
crucial
|
mx500_firmware
|
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42642
|
2024-10-25 02:35 |
2024-09-05 |
|
|
187
|
- |
|
-
|
-
|
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
Update
|
-
|
CVE-2023-49721
|
2024-10-25 02:35 |
2024-02-15 |
|
|
188
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2023-0929
|
2024-10-25 02:35 |
2023-02-23 |
|
|
189
|
9.8 |
CRITICAL
Network
atlassian
|
jira_service_management jira_data_center jira_server
|
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versi…
Update
|
NVD-CWE-noinfo
|
CVE-2022-0540
|
2024-10-25 02:35 |
2022-04-21 |
|
|
|
190
|
4.3 |
MEDIUM
Physical
|
systemd_project netapp
|
systemd cn1610_firmware solidfire_\&_hci_management_node snapprotect
|
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This oc…
Update
|
NVD-CWE-noinfo
|
CVE-2018-20839
|
2024-10-25 02:34 |
2019-05-17 |
|
|