|
2031
|
5.3 |
MEDIUM
Network
mozilla
|
thunderbird
firefox
|
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, an…
|
NVD-CWE-noinfo
|
CVE-2024-10460
|
2024-10-31 23:32 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2032
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix kernel address leakage in atomic fetch
The change in commit 37086bfdc737 ("bpf: Propagate stack bounds to registers
in a…
|
NVD-CWE-noinfo
|
CVE-2021-47608
|
2024-10-31 23:16 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2033
|
- |
|
-
|
-
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of …
|
-
|
CVE-2024-47529
|
2024-10-31 23:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2034
|
6.5 |
MEDIUM
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method all…
|
CWE-22
Path Traversal
|
CVE-2024-46977
|
2024-10-31 23:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2035
|
6.1 |
MEDIUM
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnera…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43795
|
2024-10-31 23:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2036
|
7.5 |
HIGH
Network
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
|
NVD-CWE-noinfo
|
CVE-2024-44203
|
2024-10-31 23:08 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2037
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
The implementation of BPF_CMPXCHG on a high level has the followin…
|
NVD-CWE-noinfo
|
CVE-2021-47607
|
2024-10-31 23:07 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2038
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
Adding a check on len parameter to avoid empty skb. This pr…
|
CWE-369
Divide By Zero
|
CVE-2021-47606
|
2024-10-31 22:58 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2039
|
9.8 |
CRITICAL
Network
buynowdepot
|
advanced_online_ordering_and_delivery_platform
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local Fi…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2024-50497
|
2024-10-31 22:55 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2040
|
5.4 |
MEDIUM
Network
|
climaxthemes
|
kata_plus
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Climax Themes Kata Plus allows Stored XSS.This issue affects Kata Plus: from n/a through 1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50501
|
2024-10-31 22:51 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
