|
313151
|
5.3 |
MEDIUM
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
|
NVD-CWE-Other
|
CVE-2024-42388
|
2024-11-20 02:51 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313152
|
5.3 |
MEDIUM
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
|
NVD-CWE-Other
|
CVE-2024-42387
|
2024-11-20 02:51 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313153
|
7.2 |
HIGH
Network
|
craftcms
|
craft_cms
|
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via tw…
|
CWE-22
Path Traversal
|
CVE-2024-52293
|
2024-11-20 02:51 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313154
|
5.3 |
MEDIUM
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
|
NVD-CWE-Other
|
CVE-2024-42391
|
2024-11-20 02:50 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313155
|
5.3 |
MEDIUM
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
|
NVD-CWE-Other
|
CVE-2024-42390
|
2024-11-20 02:50 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313156
|
9.8 |
CRITICAL
Network
|
algolplus
|
advanced_order_export_for_woocommerce
|
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order ex…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10828
|
2024-11-20 02:41 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313157
|
9.8 |
CRITICAL
Network
|
vanquish
|
woocommerce_upload_files
|
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10820
|
2024-11-20 02:38 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313158
|
- |
|
-
|
-
|
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
|
-
|
CVE-2024-51765
|
2024-11-20 02:35 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313159
|
- |
|
-
|
-
|
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
|
-
|
CVE-2024-51764
|
2024-11-20 02:35 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313160
|
- |
|
-
|
-
|
In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can star…
|
-
|
CVE-2017-13311
|
2024-11-20 02:35 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
