|
317391
|
9.8 |
CRITICAL
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43773
|
2024-09-4 21:26 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317392
|
8.1 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attack…
|
CWE-863
Incorrect Authorization
|
CVE-2024-45588
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317393
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remot…
|
NVD-CWE-Other
|
CVE-2024-45587
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317394
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote…
|
NVD-CWE-Other
|
CVE-2024-45586
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317395
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
kcm: Serialise kcm_sendmsg() for the same socket.
syzkaller reported UAF in kcm_release(). [0]
The scenario is
1. Thread A bu…
|
CWE-416
Use After Free
|
CVE-2024-44946
|
2024-09-4 21:15 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317396
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43884
|
2024-09-4 21:15 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317397
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cgroup/cpuset: Prevent UAF in proc_cpuset_show()
An UAF can happen when /proc/cpuset is read as reported in [1].
This can be rep…
|
CWE-416
Use After Free
|
CVE-2024-43853
|
2024-09-4 21:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317398
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix extent map use-after-free when adding pages to compressed bio
At add_ra_bio_pages() we are accessing the extent map to…
|
CWE-416
Use After Free
|
CVE-2024-42314
|
2024-09-4 21:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317399
|
9.8 |
CRITICAL
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43772
|
2024-09-4 21:11 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317400
|
4.3 |
MEDIUM
Network
|
majeedraza
|
carousel_slider
|
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Sl…
|
CWE-352
Origin Validation Error
|
CVE-2024-45270
|
2024-09-4 20:51 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
