|
121
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
For pptable structs that use flexible array sizes, use flexibl…
Update
|
-
|
CVE-2023-52819
|
2024-11-6 04:35 |
2024-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
- |
|
-
|
-
|
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.
Update
|
-
|
CVE-2024-26517
|
2024-11-6 04:35 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: rawmidi - fix the uninitalized user_pversion
The user_pversion was uninitialized for the user space file structure
in the o…
Update
|
-
|
CVE-2021-47096
|
2024-11-6 04:35 |
2024-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
- |
|
-
|
-
|
Recent x86 CPUs offer functionality named Control-flow Enforcement
Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS).
CET-SS is a hardware feature designed to protect against Return…
Update
|
-
|
CVE-2023-46841
|
2024-11-6 04:35 |
2024-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
4.8 |
MEDIUM
Network
|
toshibatec
sharp
|
e-studio1058_firmware
e-studio1208_firmware
e-studio908_firmware
bp-90c70_firmware
bp-90c80_firmware
bp-70c65_firmware
bp-70c55_firmware
bp-70c45_firmware
bp-70c36_firmware
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability.
If crafted input is stored by an administrative user, ma…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-48870
|
2024-11-6 04:34 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
126
|
6.1 |
MEDIUM
Network
|
toshibatec
sharp
|
e-studio1058_firmware
e-studio1208_firmware
e-studio908_firmware
bp-90c70_firmware
bp-90c80_firmware
bp-70c65_firmware
bp-70c55_firmware
bp-70c45_firmware
bp-70c36_firmware
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.
Accessing a crafted URL which points to an affected prod…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-47801
|
2024-11-6 04:34 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
127
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
Update
|
CWE-78
OS Command
|
CVE-2024-51248
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
Update
|
CWE-78
OS Command
|
CVE-2024-51247
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
Update
|
CWE-78
OS Command
|
CVE-2024-51245
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
Update
|
CWE-78
OS Command
|
CVE-2024-51244
|
2024-11-6 04:28 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
