1
|
5.3 |
MEDIUM
Network
softlabbd
|
radio_player
|
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. Th…
Update
|
CWE-862
Missing Authorization
|
CVE-2023-4027
|
2024-09-13 02:53 |
2024-08-17 |
|
|
|
2
|
6.7 |
MEDIUM
Local
|
hwameistor
|
hwameistor
|
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deploy…
Update
|
NVD-CWE-noinfo
|
CVE-2024-45054
|
2024-09-13 02:50 |
2024-08-29 |
|
|
3
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127.
Update
|
NVD-CWE-Other
|
CVE-2024-38313
|
2024-09-13 02:48 |
2024-06-14 |
|
|
4
|
7.2 |
HIGH
Network
|
microfocus
|
netiq_advance_authentication
|
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. T…
Update
|
CWE-77
Command Injection
|
CVE-2021-38120
|
2024-09-13 02:41 |
2024-08-28 |
|
|
5
|
- |
-
|
-
|
-
|
No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended …
New
|
-
|
CVE-2024-40457
|
2024-09-13 02:35 |
2024-09-12 |
|
|
6
|
7.5 |
HIGH
Network
clamav
|
clamav
|
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2024-20505
|
2024-09-13 02:28 |
2024-09-5 |
|
|
|
7
|
7.5 |
HIGH
Network
mozilla
|
firefox
|
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.
Update
|
CWE-416
Use After Free
|
CVE-2024-5694
|
2024-09-13 02:28 |
2024-06-11 |
|
|
|
8
|
9.8 |
CRITICAL
Network
mi
|
getapps
|
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability t…
Update
|
NVD-CWE-noinfo
|
CVE-2023-26324
|
2024-09-13 02:27 |
2024-08-28 |
|
|
|
9
|
9.8 |
CRITICAL
Network
mi
|
getapps
|
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability t…
Update
|
NVD-CWE-noinfo
|
CVE-2023-26322
|
2024-09-13 02:27 |
2024-08-28 |
|
|
|
10
|
6.1 |
MEDIUM
Local
|
clamav
|
clamav
|
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versio…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-20506
|
2024-09-13 02:26 |
2024-09-5 |
|
|
11
|
9.8 |
CRITICAL
Network
mi
|
app_market
|
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
Update
|
NVD-CWE-noinfo
|
CVE-2023-26323
|
2024-09-13 02:22 |
2024-08-28 |
|
|
|
12
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
The subs function argument may be NULL, so…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-52904
|
2024-09-13 02:22 |
2024-08-21 |
|
|
13
|
6.1 |
MEDIUM
Network
|
forcepoint
|
email_security
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS. This issue affects Ema…
Update
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-2166
|
2024-09-13 02:19 |
2024-09-5 |
|
|
14
|
7.3 |
HIGH
Local
|
acronis
|
snap_deploy
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-34019
|
2024-09-13 02:18 |
2024-08-30 |
|
|
15
|
5.3 |
MEDIUM
Network
dlink
|
dns-320_firmware
|
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. T…
Update
|
NVD-CWE-noinfo
|
CVE-2024-8461
|
2024-09-13 02:17 |
2024-09-5 |
|
|
|
16
|
5.5 |
MEDIUM
Local
|
acronis
|
snap_deploy
|
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Update
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-34018
|
2024-09-13 02:17 |
2024-08-30 |
|
|
17
|
7.3 |
HIGH
Local
|
acronis
|
snap_deploy
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-34017
|
2024-09-13 02:16 |
2024-08-30 |
|
|
18
|
- |
-
|
-
|
-
|
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to …
New
|
-
|
CVE-2024-8754
|
2024-09-13 02:15 |
2024-09-13 |
|
|
19
|
- |
-
|
-
|
-
|
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it w…
New
|
-
|
CVE-2024-8640
|
2024-09-13 02:15 |
2024-09-13 |
|
|
20
|
- |
-
|
-
|
-
|
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possib…
New
|
-
|
CVE-2024-8635
|
2024-09-13 02:15 |
2024-09-13 |
|
|
21
|
- |
-
|
-
|
-
|
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the …
New
|
-
|
CVE-2024-8631
|
2024-09-13 02:15 |
2024-09-13 |
|
|
22
|
- |
-
|
-
|
-
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of …
New
|
-
|
CVE-2024-8124
|
2024-09-13 02:15 |
2024-09-13 |
|
|
23
|
- |
-
|
-
|
-
|
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `aut…
New
|
CWE-285
Improper Authorization
|
CVE-2024-6840
|
2024-09-13 02:15 |
2024-09-13 |
|
|
24
|
- |
-
|
-
|
-
|
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an at…
New
|
-
|
CVE-2024-6446
|
2024-09-13 02:15 |
2024-09-13 |
|
|
25
|
- |
-
|
-
|
-
|
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit info…
New
|
-
|
CVE-2024-6389
|
2024-09-13 02:15 |
2024-09-13 |
|
|
26
|
- |
-
|
-
|
-
|
An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before…
New
|
-
|
CVE-2024-5435
|
2024-09-13 02:15 |
2024-09-13 |
|
|
27
|
- |
-
|
-
|
-
|
An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was…
New
|
-
|
CVE-2024-4660
|
2024-09-13 02:15 |
2024-09-13 |
|
|
28
|
- |
-
|
-
|
-
|
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability …
New
|
-
|
CVE-2024-4612
|
2024-09-13 02:15 |
2024-09-13 |
|
|
29
|
- |
-
|
-
|
-
|
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permiss…
New
|
-
|
CVE-2024-2743
|
2024-09-13 02:15 |
2024-09-13 |
|
|
30
|
8.8 |
HIGH
Network
|
phpgurukul
|
job_portal
|
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8463
|
2024-09-13 02:15 |
2024-09-5 |
|
|
31
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg f…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-19882
|
2024-09-13 02:15 |
2018-12-6 |
|
|
32
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted …
Update
|
CWE-400
Resource Exhaustion
|
CVE-2018-19881
|
2024-09-13 02:15 |
2018-12-6 |
|
|
33
|
5.5 |
MEDIUM
Local
|
artifex debian
|
mupdf debian_linux
|
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
Update
|
CWE-835
Infinite Loop
|
CVE-2018-19777
|
2024-09-13 02:15 |
2018-11-30 |
|
|
34
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18662
|
2024-09-13 02:15 |
2018-10-26 |
|
|
35
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-dev…
Update
|
CWE-129
Improper Validation of Array Index
|
CVE-2018-16648
|
2024-09-13 02:15 |
2018-09-7 |
|
|
36
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pd…
Update
|
CWE-119
Buffer Errors
|
CVE-2018-16647
|
2024-09-13 02:15 |
2018-09-7 |
|
|
37
|
5.5 |
MEDIUM
Local
|
artifex debian
|
mupdf debian_linux
|
In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
Update
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-1000036
|
2024-09-13 02:15 |
2018-05-24 |
|
|
38
|
5.5 |
MEDIUM
Local
|
artifex debian
|
mupdf debian_linux
|
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pd…
Update
|
CWE-835
Infinite Loop
|
CVE-2018-10289
|
2024-09-13 02:15 |
2018-04-22 |
|
|
39
|
5.5 |
MEDIUM
Local
|
artifex debian
|
mupdf debian_linux
|
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vul…
Update
|
CWE-835
Infinite Loop
|
CVE-2018-5686
|
2024-09-13 02:15 |
2018-01-14 |
|
|
40
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF docume…
Update
|
CWE-119
Buffer Errors
|
CVE-2016-10221
|
2024-09-13 02:15 |
2017-04-3 |
|
|
41
|
5.5 |
MEDIUM
Local
|
artifex debian
|
mupdf debian_linux
|
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a cr…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2016-10247
|
2024-09-13 02:15 |
2017-03-16 |
|
|
42
|
5.5 |
MEDIUM
Local
|
artifex debian
|
mupdf debian_linux
|
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2016-10246
|
2024-09-13 02:15 |
2017-03-16 |
|
|
43
|
4.7 |
MEDIUM
Physical
|
arm
|
trusted_firmware-m
|
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
Update
|
NVD-CWE-Other
|
CVE-2023-51712
|
2024-09-13 02:11 |
2024-09-6 |
|
|
44
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: add sanity tests to TCP_QUEUE_SEQ
Qingyu Li reported a syzkaller bug where the repro
changes RCV SEQ _after_ restoring data …
Update
|
NVD-CWE-noinfo
|
CVE-2021-4442
|
2024-09-13 01:58 |
2024-08-29 |
|
|
45
|
5.9 |
MEDIUM
Network
|
identityautomation
|
rapididentity
|
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parame…
Update
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-45589
|
2024-09-13 01:54 |
2024-09-6 |
|
|
46
|
4.8 |
MEDIUM
Network
|
themeboy
|
sportspress
|
The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks …
Update
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-3986
|
2024-09-13 01:52 |
2024-07-30 |
|
|
47
|
7.5 |
HIGH
Network
mediavine
|
create
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine. This issue affects Create by Mediavine: from n/a through 1.9.8.
Update
|
NVD-CWE-noinfo
|
CVE-2024-43264
|
2024-09-13 01:50 |
2024-08-27 |
|
|
|
48
|
6.1 |
MEDIUM
Network
|
linuxos
|
shakal-ng
|
A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument nex…
Update
|
CWE-601
Open Redirect
|
CVE-2024-8412
|
2024-09-13 01:47 |
2024-09-5 |
|
|
49
|
6.5 |
MEDIUM
Network
|
funnelforms
|
funnelforms_free
|
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not pr…
Update
|
CWE-22
Path Traversal
|
CVE-2024-6312
|
2024-09-13 01:47 |
2024-08-28 |
|
|
50
|
7.2 |
HIGH
Network
|
funnelforms
|
funnelforms_free
|
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. Thi…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6311
|
2024-09-13 01:46 |
2024-08-28 |
|
|