|
313691
|
4.7 |
MEDIUM
Network
|
openjsf
|
serve-static
|
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-43800
|
2024-09-21 02:36 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313692
|
4.3 |
MEDIUM
Network
|
ibm
|
concert
|
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this li…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-43180
|
2024-09-21 02:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313693
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix get_stashed_dentry()
get_stashed_dentry() tries to optimistically retrieve a stashed dentry
from a provided location. …
|
NVD-CWE-noinfo
|
CVE-2024-46801
|
2024-09-21 02:18 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313694
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
sch/netem: fix use after free in netem_dequeue
If netem_dequeue() enqueues packet to inner qdisc and that qdisc
returns __NET_XMI…
|
CWE-416
Use After Free
|
CVE-2024-46800
|
2024-09-21 02:18 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313695
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: Prevent USB core invalid event buffer address access
This commit addresses an issue where the USB core could acc…
|
NVD-CWE-noinfo
|
CVE-2024-46675
|
2024-09-21 02:18 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313696
|
9.8 |
CRITICAL
Network
|
sfs
|
winsure
|
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.
|
CWE-611
XXE
|
CVE-2024-7098
|
2024-09-21 02:14 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313697
|
9.8 |
CRITICAL
Network
|
sfs
|
insuree_gl
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.
|
CWE-89
SQL Injection
|
CVE-2024-6401
|
2024-09-21 02:07 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313698
|
7.8 |
HIGH
Local
|
refuel
|
autolabel
|
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a use…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2024-27321
|
2024-09-21 02:06 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313699
|
8.8 |
HIGH
Network
|
oretnom23
|
simple_forum\/discussion_system
|
A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argu…
|
CWE-22
Path Traversal
|
CVE-2024-9032
|
2024-09-21 02:04 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313700
|
8.1 |
HIGH
Network
|
totolink
|
a720r_firmware
|
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack…
|
CWE-78
OS Command
|
CVE-2024-8869
|
2024-09-21 01:59 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
