|
316611
|
7.8 |
HIGH
Local
|
intel
|
flexlm_license_daemons_for_intel_fpga
|
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via lo…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-23908
|
2024-09-13 03:43 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316612
|
9.8 |
CRITICAL
Network
|
openedx
|
openedx
|
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repos…
|
CWE-74
Injection
|
CVE-2024-43782
|
2024-09-13 03:29 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316613
|
7.8 |
HIGH
Local
|
steveklabnik
|
request_store
|
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to …
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-43791
|
2024-09-13 03:26 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316614
|
8.8 |
HIGH
Local
|
intel
|
ethernet_800_series_controllers_driver
|
Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of pri…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-23497
|
2024-09-13 03:26 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316615
|
6.1 |
MEDIUM
Network
|
jeesite
|
jeesite
|
A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8112
|
2024-09-13 03:23 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316616
|
5.4 |
MEDIUM
Network
|
pretix
|
pretix
|
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8113
|
2024-09-13 03:21 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316617
|
6.5 |
MEDIUM
Network
|
gethomepage
|
homepage
|
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and auth…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-42364
|
2024-09-13 03:20 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316618
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
nfs: pass explicit offset/count to trace events
nfs_folio_length is unsafe to use without having the folio locked and a
check for…
|
-
|
CVE-2024-43826
|
2024-09-13 03:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316619
|
7.3 |
HIGH
Local
|
intel
|
virtual_raid_on_cpu
|
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-23489
|
2024-09-13 03:11 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316620
|
5.3 |
MEDIUM
Network
|
softlabbd
|
radio_player
|
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. Th…
|
CWE-862
Missing Authorization
|
CVE-2023-4027
|
2024-09-13 02:53 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
