2071
|
- |
|
-
|
-
|
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "U…
|
-
|
CVE-2024-8376
|
2024-10-31 19:15 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2072
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-843
Type Confusion
|
CVE-2024-10230
|
2024-10-31 17:35 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2073
|
6.1 |
MEDIUM
Network
|
hms-networks
|
ewon_cosy\+_firmware
|
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10…
|
CWE-79
Cross-site Scripting
|
CVE-2024-33893
|
2024-10-31 17:35 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2074
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix possible use-after-free issue in ftrace_location()
KASAN reports a bug:
BUG: KASAN: use-after-free in ftrace_locat…
|
CWE-416
Use After Free
|
CVE-2024-38588
|
2024-10-31 17:35 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2075
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of ser…
|
CWE-22
Path Traversal
|
CVE-2024-9676
|
2024-10-31 14:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2076
|
- |
|
-
|
-
|
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, …
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-3727
|
2024-10-31 14:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2077
|
7.5 |
HIGH
Network
automaticsystems
|
soc_fl9600_firstlane_firmware
|
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
|
CWE-22
Path Traversal
|
CVE-2023-37607
|
2024-10-31 13:15 |
2024-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2078
|
7.5 |
HIGH
Network
automaticsystems
|
soc_fl9600_firstlane_firmware
|
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2023-37608
|
2024-10-31 13:15 |
2024-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2079
|
9.8 |
CRITICAL
Network
swoopnow
|
1-click_login\
|
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication:…
|
CWE-287
Improper Authentication
|
CVE-2024-50478
|
2024-10-31 10:44 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2080
|
5.4 |
MEDIUM
Network
|
amilia
|
store
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Drapeau Amilia Store allows Stored XSS.This issue affects Amilia Store: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50472
|
2024-10-31 10:42 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|