661 | 5.5 | MEDIUM Local | google | android | In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privi… | NVD-CWE-Other | CVE-2023-35680 | 2024-10-30 03:35 | 2023-09-12
662 | 5.5 | MEDIUM Local | google | android | In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous l… | NVD-CWE-noinfo | CVE-2023-35677 | 2024-10-30 03:35 | 2023-09-12
663 | 6.5 | MEDIUM Network | spidercontrol | scadawebserver | SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file f… | - | CVE-2023-3329 | 2024-10-30 03:35 | 2023-08-3
664 | 9.1 | CRITICAL Network | robertdavidgraham | robdns | robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c. | CWE-125 Out-of-bounds Read | CVE-2024-24192 | 2024-10-30 03:25 | 2024-06-7
665 | 7.5 | HIGH Network | robertdavidgraham | robdns | robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c. | NVD-CWE-noinfo | CVE-2024-24195 | 2024-10-30 03:24 | 2024-06-7
666 | - | | - | - | A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports… | CWE-79 Cross-site Scripting | CVE-2024-10276 | 2024-10-30 03:15 | 2024-10-23
667 | 7.2 | HIGH Network | themeum | tutor_lms | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to in… | CWE-89 SQL Injection | CVE-2024-4902 | 2024-10-30 03:07 | 2024-06-7
668 | 5.4 | MEDIUM Network | wpdeveloper | essential_addons_for_elementor | The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all vers… | CWE-79 Cross-site Scripting | CVE-2024-5612 | 2024-10-30 03:05 | 2024-06-7
669 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag to the … | NVD-CWE-noinfo | CVE-2024-49999 | 2024-10-30 03:03 | 2024-10-22
670 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below… | CWE-476 NULL Pointer Dereference | CVE-2024-49979 | 2024-10-30 03:02 | 2024-10-22