|
51
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Free dynamically allocated bits in bpf_iter_bits_destroy()
bpf_iter_bits_destroy() uses "kit->nr_bits <= 64" to check whethe…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-50254
|
2024-11-15 03:09 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check the validity of nr_words in bpf_iter_bits_new()
Check the validity of nr_words in bpf_iter_bits_new(). Without this
ch…
Update
|
NVD-CWE-noinfo
|
CVE-2024-50253
|
2024-11-15 03:09 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
The device stores IPv6 addresses that are used for encaps…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-50252
|
2024-11-15 03:08 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
6.5 |
MEDIUM
Network
|
lsquared
|
l_squared_hub
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in L Squared Support L Squared Hub WP allows SQL Injection.This issue affects L Squared Hub WP: from…
New
|
CWE-89
SQL Injection
|
CVE-2024-51820
|
2024-11-15 03:03 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
5.3 |
MEDIUM
Network
sap
|
s\/4_hana
|
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutabl…
Update
|
CWE-650
|
CVE-2024-45282
|
2024-11-15 02:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
56
|
9.8 |
CRITICAL
Network
webfulcreations
|
computer_repair_shop
|
Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a thro…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-51793
|
2024-11-15 02:54 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
57
|
4.3 |
MEDIUM
Network
|
sap
|
hana-client
|
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. T…
Update
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2024-45277
|
2024-11-15 02:54 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
5.4 |
MEDIUM
Network
|
wpgrids
|
slicko
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpgrids Slicko allows DOM-Based XSS.This issue affects Slicko: from n/a through 1.2.0.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-51591
|
2024-11-15 02:51 |
2024-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence
|
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine host…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-37179
|
2024-11-15 02:35 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
- |
|
-
|
-
|
In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to requ…
Update
|
-
|
CVE-2024-29120
|
2024-11-15 02:35 |
2024-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
