|
315391
|
7.8 |
HIGH
Local
|
qnap
|
qts
quts_hero
|
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perfo…
|
CWE-862
Missing Authorization
|
CVE-2023-39298
|
2024-09-21 01:39 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315392
|
6.1 |
MEDIUM
Network
|
intumit
|
smartrobot_firmware
|
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting at…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8776
|
2024-09-21 01:38 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315393
|
2.4 |
LOW
Adjacent
|
qnap
|
qts
quts_hero
|
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local networ…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-32771
|
2024-09-21 01:38 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315394
|
7.5 |
HIGH
Network
|
openjsf
|
body-parser
|
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood th…
|
NVD-CWE-noinfo
|
CVE-2024-45590
|
2024-09-21 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315395
|
2.7 |
LOW
Network
|
fortinet
|
fortiedrmanager
|
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permiss…
|
NVD-CWE-Other
|
CVE-2024-45323
|
2024-09-21 01:23 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315396
|
5.3 |
MEDIUM
Network
|
lizardbyte
|
sunshine
|
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing a…
|
NVD-CWE-noinfo
|
CVE-2024-45407
|
2024-09-21 01:18 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315397
|
4.7 |
MEDIUM
Network
|
openjsf
|
express
|
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43796
|
2024-09-21 01:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315398
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
It is not safe to dereference fl->c.flc_owner without fir…
|
NVD-CWE-noinfo
|
CVE-2024-46690
|
2024-09-21 00:55 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315399
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: cmd-db: Map shared memory as WC, not WB
Linux does not write into cmd-db region. This region of memory is write
protec…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46689
|
2024-09-21 00:52 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315400
|
9.8 |
CRITICAL
Network
|
h2o
|
h2o
|
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Conn…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8862
|
2024-09-21 00:47 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
