| 312261 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value betwe… | CWE-131 Incorrect Calculation of Buffer Size | CVE-2024-42259 | 2024-09-25 10:15 | 2024-08-15 |
| 312262 | 9.8 | CRITICAL Network | ivanti | virtual_traffic_management | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | CWE-287 Improper Authentication | CVE-2024-7593 | 2024-09-25 10:00 | 2024-08-14 |
| 312263 | 5.5 | MEDIUM Local | apple | macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | CWE-281 Improper Preservation of Permissions | CVE-2024-44188 | 2024-09-25 05:38 | 2024-09-17 |
| 312264 | 5.5 | MEDIUM Local | apple | macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | CWE-281 Improper Preservation of Permissions | CVE-2024-40859 | 2024-09-25 05:31 | 2024-09-17 |
| 312265 | 7.5 | HIGH Network | zitadel | zitadel | Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t… | NVD-CWE-noinfo | CVE-2024-47000 | 2024-09-25 05:25 | 2024-09-20 |
| 312266 | 6.5 | MEDIUM Network | zitadel | zitadel | Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to … | NVD-CWE-noinfo | CVE-2024-46999 | 2024-09-25 05:20 | 2024-09-20 |
| 312267 | 7.5 | HIGH Network | envoyproxy | envoy | Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi… | CWE-476 NULL Pointer Dereference | CVE-2024-45809 | 2024-09-25 05:12 | 2024-09-20 |
| 312268 | 7.5 | HIGH Network | envoyproxy | envoy | Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ… | NVD-CWE-noinfo | CVE-2024-45810 | 2024-09-25 04:48 | 2024-09-20 |
| 312269 | 4.8 | MEDIUM Network | mage-people | bus_ticket_booking_with_seat_reservation | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS. This issue affe… | CWE-79 Cross-site Scripting | CVE-2024-43985 | 2024-09-25 04:33 | 2024-09-18 |
| 312270 | 6.1 | MEDIUM Network | couchbase | couchbase_server | Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. | CWE-74 Injection | CVE-2024-25673 | 2024-09-25 04:08 | 2024-09-20 |