21
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
um: Fix potential integer overflow during physmem setup
This issue happens when the real map size is greater than LONG_MAX,
which…
New
|
-
|
CVE-2024-53145
|
2024-12-24 21:15 |
2024-12-24 |
|
|
22
|
- |
|
-
|
-
|
Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server.
This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0.
Users are recommended to upgrade to ve…
New
|
CWE-302
Authentication Bypass by Assumed-Immutable Data
|
CVE-2024-43441
|
2024-12-24 21:15 |
2024-12-24 |
|
|
23
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
svcrdma: Address an integer overflow
Dan Carpenter reports:
> Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data
> str…
New
|
-
|
CVE-2024-53151
|
2024-12-24 21:15 |
2024-12-24 |
|
|
24
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current USB-audio driver code doesn't check bLength of ea…
New
|
-
|
CVE-2024-53150
|
2024-12-24 21:15 |
2024-12-24 |
|
|
25
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, an…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12268
|
2024-12-24 20:15 |
2024-12-24 |
|
|
26
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in a…
New
|
CWE-89
SQL Injection
|
CVE-2024-11726
|
2024-12-24 20:15 |
2024-12-24 |
|
|
27
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due …
New
|
CWE-89
SQL Injection
|
CVE-2024-10856
|
2024-12-24 20:15 |
2024-12-24 |
|
|
28
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 d…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10584
|
2024-12-24 20:15 |
2024-12-24 |
|
|
29
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitizat…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8721
|
2024-12-24 19:15 |
2024-12-24 |
|
|
30
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
x86/xen: don't do PV iret hypercall through hypercall page
Instead of jumping to the Xen hypercall page for doing the iret
hyperc…
New
|
-
|
CVE-2024-53241
|
2024-12-24 19:15 |
2024-12-24 |
|
|