|
314581
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to truncate preallocated blocks in f2fs_file_open()
chenyuwen reports a f2fs bug as below:
Unable to handle kernel NUL…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43859
|
2024-09-8 17:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314582
|
9.8 |
CRITICAL
Network
|
ibm
|
security_directory_integrator
security_verify_directory_integrator
|
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a sign…
|
NVD-CWE-noinfo
|
CVE-2022-33162
|
2024-09-7 22:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314583
|
9.8 |
CRITICAL
Network
|
oretnom23
|
clinic\'s_patient_management_system
|
A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php…
|
CWE-89
SQL Injection
|
CVE-2024-7454
|
2024-09-7 21:56 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314584
|
9.8 |
CRITICAL
Network
|
onesoftnet
|
sudobot
|
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of …
|
CWE-862
Missing Authorization
|
CVE-2024-45307
|
2024-09-7 10:34 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314585
|
6.1 |
MEDIUM
Network
|
xiebruce
|
picuploader
|
A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injec…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44796
|
2024-09-7 08:35 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314586
|
8.8 |
HIGH
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code…
|
CWE-78
OS Command
|
CVE-2024-43804
|
2024-09-7 07:57 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314587
|
8.1 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and de…
|
CWE-863
Incorrect Authorization
|
CVE-2024-41964
|
2024-09-7 07:56 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314588
|
5.4 |
MEDIUM
Network
|
seacms
|
seacms
|
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad descript…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44919
|
2024-09-7 07:54 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314589
|
9.8 |
CRITICAL
Network
|
deltaww
|
dtn_soft
|
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8255
|
2024-09-7 07:53 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314590
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and le…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-5991
|
2024-09-7 07:51 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
