|
2121
|
- |
|
-
|
-
|
In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is a JavaScript Injection vulnerability: unrestricted file upload and download could lead to remote code …
|
-
|
CVE-2024-50623
|
2024-10-31 06:35 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2122
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security seve…
|
NVD-CWE-noinfo
|
CVE-2024-7974
|
2024-10-31 06:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2123
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
|
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header pr…
|
NVD-CWE-noinfo
|
CVE-2024-7531
|
2024-10-31 06:35 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2124
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown
The return value of pm_runtime_get_sync() in cmdq_mbox_shut…
|
-
|
CVE-2024-39492
|
2024-10-31 06:35 |
2024-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2125
|
- |
|
-
|
-
|
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.
Th…
|
-
|
CVE-2024-22025
|
2024-10-31 06:35 |
2024-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2126
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted…
|
NVD-CWE-noinfo
|
CVE-2024-23850
|
2024-10-31 06:35 |
2024-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2127
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mac80211: validate extended element ID is present
Before attempting to parse an extended element, verify that
the extended elemen…
|
NVD-CWE-noinfo
|
CVE-2021-47611
|
2024-10-31 06:32 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2128
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
Without the bound checks for scpi_pd->name, it could result in the b…
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-47609
|
2024-10-31 06:31 |
2024-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2129
|
8.8 |
HIGH
Network
|
zimbra
|
collaboration
|
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Si…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-45518
|
2024-10-31 06:23 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2130
|
7.8 |
HIGH
Local
|
ysoft
|
safeq
|
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authent…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2022-23862
|
2024-10-31 06:21 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
