|
2971
|
- |
|
-
|
-
|
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for tr…
|
-
|
CVE-2024-49422
|
2024-12-31 18:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2972
|
- |
|
-
|
-
|
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plu…
|
-
|
CVE-2024-11972
|
2024-12-31 15:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2973
|
7.6 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod.…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-45497
|
2024-12-31 12:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2974
|
8.8 |
HIGH
Network
|
-
|
-
|
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access ce…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-13040
|
2024-12-31 11:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2975
|
8.8 |
HIGH
Network
|
-
|
-
|
The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed …
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-12839
|
2024-12-31 11:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2976
|
8.8 |
HIGH
Network
|
-
|
-
|
The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request…
|
CWE-302
Authentication Bypass by Assumed-Immutable Data
|
CVE-2024-12838
|
2024-12-31 11:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2977
|
- |
|
-
|
-
|
An issue exists in SoftIron HyperCloud
where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined…
|
-
|
CVE-2024-13058
|
2024-12-31 07:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2978
|
- |
|
-
|
-
|
Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker m…
|
CWE-59
Link Following
|
CVE-2024-12753
|
2024-12-31 06:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2979
|
- |
|
-
|
-
|
Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. Us…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-12752
|
2024-12-31 06:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2980
|
- |
|
-
|
-
|
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. U…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-12751
|
2024-12-31 06:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
