|
313711
|
4.3 |
MEDIUM
Network
|
sap
|
hana-client
|
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. T…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2024-45277
|
2024-11-15 02:54 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313712
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence
|
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine host…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-37179
|
2024-11-15 02:35 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313713
|
5.4 |
MEDIUM
Network
|
sap
|
commerce_backoffice
|
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45278
|
2024-11-15 02:17 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313714
|
4.8 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-36250
|
2024-11-15 02:11 |
2024-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313715
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fsdax: dax_unshare_iter needs to copy entire blocks
The code that copies data from srcmap to iomap in dax_unshare_iter is
very ve…
|
NVD-CWE-noinfo
|
CVE-2024-50250
|
2024-11-15 02:04 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313716
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Make rmw_lock a raw_spin_lock
The following BUG was triggered:
=============================
[ BUG: Invalid wait con…
|
NVD-CWE-noinfo
|
CVE-2024-50249
|
2024-11-15 02:01 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313717
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend
Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisati…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50239
|
2024-11-15 01:59 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313718
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend
Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation")
r…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50238
|
2024-11-15 01:58 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313719
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "R…
|
CWE-863
Incorrect Authorization
|
CVE-2024-42000
|
2024-11-15 01:48 |
2024-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313720
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels…
|
NVD-CWE-noinfo
|
CVE-2024-52032
|
2024-11-15 01:47 |
2024-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
