|
248891
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice
The km.state is not checked in driver's delayed work. When
xfr…
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2024-49953
|
2024-11-8 02:44 |
2024-10-22 |
|
|
|
|
248892
|
- |
|
-
|
-
|
An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that …
|
-
|
CVE-2023-28149
|
2024-11-8 02:35 |
2024-08-1 |
|
|
|
|
248893
|
4.8 |
MEDIUM
Network
|
agendaless
|
waitress
|
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP…
|
CWE-444 CWE-367
HTTP Request Smuggling Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2024-49768
|
2024-11-8 02:28 |
2024-10-30 |
|
|
|
|
248894
|
2.7 |
LOW
Network
|
nirmata
|
kyverno
|
Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By des…
|
CWE-863
Incorrect Authorization
|
CVE-2024-48921
|
2024-11-8 02:20 |
2024-10-30 |
|
|
|
|
248895
|
9.8 |
CRITICAL
Network
|
servicenow
|
servicenow
|
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context…
|
CWE-94
Code Injection
|
CVE-2024-8923
|
2024-11-8 02:18 |
2024-10-30 |
|
|
|
|
248896
|
7.5 |
HIGH
Network
|
servicenow
|
servicenow
|
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. Serv…
|
CWE-89
SQL Injection
|
CVE-2024-8924
|
2024-11-8 02:16 |
2024-10-30 |
|
|
|
|
248897
|
7.8 |
HIGH
Local
|
autodesk
|
autocad_architecture autocad_electrical autocad_mechanical autocad_mep autocad_plant_3d civil_3d advance_steel autocad
|
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cau…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8587
|
2024-11-8 02:15 |
2024-10-30 |
|
|
|
|
248898
|
3.3 |
LOW
Local
|
hashicorp
|
vagrant_vmware_utility
|
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system wr…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-10228
|
2024-11-8 02:12 |
2024-10-30 |
|
|
|
|
248899
|
8.8 |
HIGH
Network
|
anisha
|
university_event_management_system
|
A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the arg…
|
CWE-89
SQL Injection
|
CVE-2024-10805
|
2024-11-8 02:09 |
2024-11-5 |
|
|
|
|
248900
|
6.5 |
MEDIUM
Network
|
tenda
|
i22_firmware
|
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-10750
|
2024-11-8 02:09 |
2024-11-4 |
|
|
|