|
521
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
If get_clock_desc() succeeds, it calls fget() for the cloc…
Update
|
CWE-667
Improper Locking
|
CVE-2024-50210
|
2024-11-20 01:26 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
522
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
Avoid memory corruption while setting up Level-2 PBL pages for the non…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50208
|
2024-11-20 01:23 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
523
|
9.8 |
CRITICAL
Network
matthewmueller
|
dom-iterator
|
All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body …
Update
|
CWE-94
Code Injection
|
CVE-2024-21541
|
2024-11-20 01:20 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
524
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix reader locking when changing the sub buffer order
The function ring_buffer_subbuf_order_set() updates each
ring_…
Update
|
CWE-667
Improper Locking
|
CVE-2024-50207
|
2024-11-20 01:18 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
525
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fs: don't try and remove empty rbtree node
When copying a namespace we won't have added the new copy into the
namespace rbtree un…
Update
|
NVD-CWE-noinfo
|
CVE-2024-50204
|
2024-11-20 01:17 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
526
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix address emission with tag-based KASAN enabled
When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_i…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-50203
|
2024-11-20 01:16 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
527
|
- |
|
-
|
-
|
Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs …
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2024-52582
|
2024-11-20 01:15 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
528
|
- |
|
-
|
-
|
The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges
New
|
-
|
CVE-2024-50803
|
2024-11-20 01:15 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
529
|
4.7 |
MEDIUM
Local
|
torchbox
|
wagtail
|
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password …
Update
|
CWE-362
Race Condition
|
CVE-2020-11037
|
2024-11-20 01:15 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
530
|
6.8 |
MEDIUM
Network
|
torchbox
|
wagtail
|
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision
comparison view within the Wagtail admin interface. A user with a limited-permission…
Update
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2020-11001
|
2024-11-20 01:15 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
