|
1861
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
tmpfs: fix race on handling dquot rbtree
A syzkaller reproducer found a race while attempting to remove dquot
information from th…
|
-
|
CVE-2024-27058
|
2024-11-2 02:35 |
2024-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1862
|
- |
|
-
|
-
|
Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated afte…
|
-
|
CVE-2024-1900
|
2024-11-2 02:35 |
2024-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1863
|
- |
|
-
|
-
|
In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not ne…
|
-
|
CVE-2024-20026
|
2024-11-2 02:35 |
2024-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1864
|
5.9 |
MEDIUM
Network
|
cisco
|
adaptive_security_appliance_software
firepower_threat_defense_software
|
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software …
|
CWE-331
Insufficient Entropy
|
CVE-2024-20331
|
2024-11-2 02:32 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1865
|
5.4 |
MEDIUM
Network
|
cisco
|
firepower_management_center
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack ag…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20377
|
2024-11-2 02:30 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1866
|
6.1 |
MEDIUM
Network
|
maxfoundry
|
social_share_buttons
|
The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9219
|
2024-11-2 02:30 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1867
|
6.1 |
MEDIUM
Network
|
cisco
|
adaptive_security_appliance_software
firepower_threat_defense_software
|
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote att…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20341
|
2024-11-2 02:22 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1868
|
- |
|
-
|
-
|
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on (raw)…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51492
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1869
|
- |
|
-
|
-
|
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local…
|
-
|
CVE-2024-51483
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1870
|
- |
|
-
|
-
|
`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Cont…
|
CWE-22
CWE-35
Path Traversal
Path Traversal: '.../...//'
|
CVE-2024-49770
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
