|
431
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted…
Update
|
NVD-CWE-noinfo
|
CVE-2024-23850
|
2024-10-31 06:35 |
2024-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mac80211: validate extended element ID is present
Before attempting to parse an extended element, verify that
the extended elemen…
Update
|
NVD-CWE-noinfo
|
CVE-2021-47611
|
2024-10-31 06:32 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
Without the bound checks for scpi_pd->name, it could result in the b…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-47609
|
2024-10-31 06:31 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
8.8 |
HIGH
Network
|
zimbra
|
collaboration
|
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Si…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-45518
|
2024-10-31 06:23 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
7.8 |
HIGH
Local
|
ysoft
|
safeq
|
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authent…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2022-23862
|
2024-10-31 06:21 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
9.8 |
CRITICAL
Network
riskengine
|
radar
|
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10121
|
2024-10-31 06:21 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
437
|
7.8 |
HIGH
Local
|
helakuru
|
helakuru
|
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-48605
|
2024-10-31 06:19 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
4.9 |
MEDIUM
Network
|
i13websolution
|
photo_gallery_slideshow_\&_masonry_tiled_gallery
|
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping…
Update
|
CWE-89
SQL Injection
|
CVE-2019-25218
|
2024-10-31 06:18 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
4.3 |
MEDIUM
Network
|
nofusscomputing
|
centurion_erp
|
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of.…
Update
|
NVD-CWE-noinfo
|
CVE-2024-49373
|
2024-10-31 06:16 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
- |
|
-
|
-
|
*Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files.
New
|
-
|
CVE-2024-48734
|
2024-10-31 06:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
