|
312301
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: sdata can be NULL during AMPDU start
ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a
deauthe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2022-48875
|
2024-09-5 03:33 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312302
|
7.5 |
HIGH
Network
|
avtecinc
|
outpost_uploader_utility
outpost_0810_firmware
|
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
|
CWE-219
Storage of File with Sensitive Data Under Web Root
|
CVE-2024-39776
|
2024-09-5 03:25 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312303
|
7.5 |
HIGH
Network
|
avtecinc
|
outpost_uploader_utility
outpost_0810_firmware
|
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2024-42418
|
2024-09-5 03:22 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312304
|
9.8 |
CRITICAL
Network
|
angeljudesuarez
|
e-commerce_website
|
A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulat…
|
CWE-89
SQL Injection
|
CVE-2024-8139
|
2024-09-5 03:02 |
2024-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312305
|
8.1 |
HIGH
Network
|
progress
|
ws_ftp_server
|
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in wit…
|
CWE-287
Improper Authentication
|
CVE-2024-7745
|
2024-09-5 02:57 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312306
|
6.5 |
MEDIUM
Network
|
progress
|
ws_ftp_server
|
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Pr…
|
CWE-22
Path Traversal
|
CVE-2024-7744
|
2024-09-5 02:57 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312307
|
5.4 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.
|
NVD-CWE-noinfo
|
CVE-2024-39837
|
2024-09-5 02:38 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312308
|
8.8 |
HIGH
Network
|
easytest_online_test_platform_project
|
easytest_online_test_platform
|
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.
|
CWE-89
SQL Injection
|
CVE-2024-7871
|
2024-09-5 02:34 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312309
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a…
|
NVD-CWE-noinfo
|
CVE-2024-39839
|
2024-09-5 02:34 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312310
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as f…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45046
|
2024-09-5 02:32 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
