|
319371
|
6.5 |
MEDIUM
Network
|
serilog-contrib
|
serilog-enrichers-clientinfo
|
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or…
|
NVD-CWE-noinfo
|
CVE-2024-44930
|
2024-09-4 21:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319372
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43776
|
2024-09-4 21:27 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319373
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43775
|
2024-09-4 21:27 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319374
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid param…
|
CWE-89
SQL Injection
|
CVE-2024-43774
|
2024-09-4 21:26 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319375
|
9.8 |
CRITICAL
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43773
|
2024-09-4 21:26 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319376
|
8.1 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attack…
|
CWE-863
Incorrect Authorization
|
CVE-2024-45588
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319377
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remot…
|
NVD-CWE-Other
|
CVE-2024-45587
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319378
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote…
|
NVD-CWE-Other
|
CVE-2024-45586
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319379
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
kcm: Serialise kcm_sendmsg() for the same socket.
syzkaller reported UAF in kcm_release(). [0]
The scenario is
1. Thread A bu…
|
CWE-416
Use After Free
|
CVE-2024-44946
|
2024-09-4 21:15 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319380
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43884
|
2024-09-4 21:15 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
