|
316371
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix overflow in get_free_elt()
"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.
Once it overflows, …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-43890
|
2024-09-6 03:48 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316372
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have format file honor EVENT_FILE_FL_FREED
When eventfs was introduced, special care had to be done to coordinate the
fr…
|
CWE-416
Use After Free
|
CVE-2024-43891
|
2024-09-6 03:46 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316373
|
7.5 |
HIGH
Network
|
blood_bank_system_project
|
blood_bank_system
|
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. The manipulati…
|
CWE-89
SQL Injection
|
CVE-2024-8173
|
2024-09-6 03:39 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316374
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL
Call efi_rt_services_supported() to check that efi.get_varia…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43896
|
2024-09-6 03:37 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316375
|
5.4 |
MEDIUM
Network
|
lopalopa
|
music_management_system
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42790
|
2024-09-6 03:36 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316376
|
9.8 |
CRITICAL
Network
|
seacms
|
seacms
|
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
|
CWE-89
SQL Injection
|
CVE-2024-41444
|
2024-09-6 03:36 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316377
|
3.5 |
LOW
Network
|
lopalopa
|
music_management_system
|
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
|
CWE-352
Origin Validation Error
|
CVE-2024-42792
|
2024-09-6 03:35 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316378
|
7.5 |
HIGH
Network
|
netskope
|
netskope
|
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, …
|
CWE-287
Improper Authentication
|
CVE-2024-7401
|
2024-09-6 03:34 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316379
|
9.8 |
CRITICAL
Network
|
ruoyi
|
ruoyi
|
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
|
CWE-89
SQL Injection
|
CVE-2024-42913
|
2024-09-6 03:31 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316380
|
9.8 |
CRITICAL
Network
|
skyss
|
arfa-cms
|
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.
|
CWE-89
SQL Injection
|
CVE-2024-45265
|
2024-09-6 03:30 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
