|
911
|
7.5 |
HIGH
Network
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
Update
|
NVD-CWE-noinfo
|
CVE-2024-44203
|
2024-10-31 23:08 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
912
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
The implementation of BPF_CMPXCHG on a high level has the followin…
Update
|
NVD-CWE-noinfo
|
CVE-2021-47607
|
2024-10-31 23:07 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
913
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
Adding a check on len parameter to avoid empty skb. This pr…
Update
|
CWE-369
Divide By Zero
|
CVE-2021-47606
|
2024-10-31 22:58 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
914
|
9.8 |
CRITICAL
Network
buynowdepot
|
advanced_online_ordering_and_delivery_platform
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local Fi…
Update
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2024-50497
|
2024-10-31 22:55 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
915
|
5.4 |
MEDIUM
Network
|
climaxthemes
|
kata_plus
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Climax Themes Kata Plus allows Stored XSS.This issue affects Kata Plus: from n/a through 1…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-50501
|
2024-10-31 22:51 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
916
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
vduse: fix memory corruption in vduse_dev_ioctl()
The "config.offset" comes from the user. There needs to a check to
prevent it …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2021-47605
|
2024-10-31 22:50 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
917
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
audit: improve robustness of the audit queue handling
If the audit daemon were ever to get stuck in a stopped state the
kernel's …
Update
|
CWE-667
Improper Locking
|
CVE-2021-47603
|
2024-10-31 22:46 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
918
|
5.4 |
MEDIUM
Network
|
cozythemes
|
cozy_blocks
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS.This issue affects Cozy Blocks: from n/a through …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-50502
|
2024-10-31 22:43 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
919
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mac80211: track only QoS data frames for admission control
For admission control, obviously all of that only works for
QoS data f…
Update
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2021-47602
|
2024-10-31 22:41 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
920
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: use latest_dev in btrfs_show_devname
The test case btrfs/238 reports the warning below:
WARNING: CPU: 3 PID: 481 at fs/b…
Update
|
CWE-362
Race Condition
|
CVE-2021-47599
|
2024-10-31 22:36 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
