|
313761
|
5.1 |
MEDIUM
Local
|
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not…
|
NVD-CWE-noinfo
|
CVE-2024-45157
|
2024-09-13 01:29 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313762
|
9.8 |
CRITICAL
Network
|
mi
|
file_manager
|
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attac…
|
CWE-22
Path Traversal
|
CVE-2023-26321
|
2024-09-13 01:29 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313763
|
7.1 |
HIGH
Network
|
dylanjkotze
|
zephyr_project_manager
|
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-43916
|
2024-09-13 01:21 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313764
|
5.4 |
MEDIUM
Network
|
xjd2020
|
fastcms
|
A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7733
|
2024-09-13 01:20 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313765
|
5.4 |
MEDIUM
Network
|
deathbreak
|
drug
|
A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44837
|
2024-09-13 01:17 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313766
|
7.5 |
HIGH
Network
|
dataflowx
|
datadiodex
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: from v3.0.0 before…
|
CWE-22
Path Traversal
|
CVE-2024-6445
|
2024-09-13 01:14 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313767
|
9.8 |
CRITICAL
Network
|
dlink
|
di-8100g_firmware
|
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
|
CWE-77
Command Injection
|
CVE-2024-44401
|
2024-09-13 01:09 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313768
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
Fix a use-after-free that occurs in hcd when in_urb sent from…
|
CWE-416
Use After Free
|
CVE-2023-52907
|
2024-09-13 01:06 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313769
|
9.1 |
CRITICAL
Network
|
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB …
|
CWE-862
Missing Authorization
|
CVE-2024-42470
|
2024-09-13 01:04 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313770
|
9.8 |
CRITICAL
Network
|
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authenti…
|
CWE-22
Path Traversal
|
CVE-2024-42469
|
2024-09-13 01:02 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
