|
314751
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses
Currently, it's possible to pass in a modified…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43910
|
2024-09-6 03:30 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314752
|
6.1 |
MEDIUM
Network
|
testlink
|
testlink
|
TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.
|
CWE-79
Cross-site Scripting
|
CVE-2024-42906
|
2024-09-6 03:29 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314753
|
7.5 |
HIGH
Network
|
gl-inet
|
mt6000_firmware
x3000_firmware
xe3000_firmware
a1300_firmware
ax1800_firmware
axt1800_firmware
mt2500_firmware
mt3000_firmware
xe300_firmware
x750_firmware
sft1200_firmw…
|
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports …
|
NVD-CWE-noinfo
|
CVE-2024-28077
|
2024-09-6 03:29 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314754
|
6.1 |
MEDIUM
Network
|
xiebruce
|
picuploader
|
A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted pay…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44794
|
2024-09-6 03:28 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314755
|
6.1 |
MEDIUM
Network
|
gazelle_project
|
gazelle
|
A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload …
|
CWE-79
Cross-site Scripting
|
CVE-2024-44793
|
2024-09-6 03:28 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314756
|
6.1 |
MEDIUM
Network
|
gazelle_project
|
gazelle
|
A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44795
|
2024-09-6 03:26 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314757
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: disallow setting special AP channel widths
Setting the AP channel width is meant for use with the normal
20/40/...…
|
NVD-CWE-noinfo
|
CVE-2024-43912
|
2024-09-6 03:19 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314758
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nvme: apple: fix device reference counting
Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.
Split the alloca…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-43913
|
2024-09-6 03:12 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314759
|
7.1 |
HIGH
Local
|
samsung
|
android
|
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-34638
|
2024-09-6 03:05 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314760
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on…
|
NVD-CWE-Other
|
CVE-2024-34637
|
2024-09-6 03:05 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
