|
250711
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for accessing waker_bfqq after splitting
After commit 42c306ed7233 ("block, bfq: don't break merge chain in
b…
|
CWE-416
Use After Free
|
CVE-2024-49854
|
2024-10-24 01:29 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250712
|
8.8 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smack: tcp: ipv4, fix incorrect labeling
Currently, Smack mirrors the label of incoming tcp/ipv4 connections:
when a label 'foo' …
|
NVD-CWE-noinfo
|
CVE-2024-47659
|
2024-10-24 01:29 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250713
|
8.8 |
HIGH
Adjacent
|
wavlink
|
wn530h4_firmware
wn530hg4_firmware
wn572hg3_firmware
|
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Fron…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-10194
|
2024-10-24 01:16 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250714
|
7.2 |
HIGH
Network
|
wavlink
|
wn530h4_firmware
wn530hg4_firmware
wn572hg3_firmware
|
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of …
|
CWE-77
Command Injection
|
CVE-2024-10193
|
2024-10-24 01:16 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250715
|
5.3 |
MEDIUM
Network
|
stylemixthemes
|
cost_calculator_builder
|
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipula…
|
NVD-CWE-Other
|
CVE-2024-6010
|
2024-10-24 01:15 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250716
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix double free in OPTEE transport
Channels can be shared between protocols, avoid freeing the same channel
d…
|
CWE-415
Double Free
|
CVE-2024-49853
|
2024-10-24 01:14 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250717
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
The kref_put() function will call nport->release if the …
|
CWE-416
Use After Free
|
CVE-2024-49852
|
2024-10-24 01:14 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250718
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: stm32/cryp - call finalize with bh disabled
The finalize operation in interrupt mode produce a produces a spinlock
recurs…
|
NVD-CWE-noinfo
|
CVE-2024-47658
|
2024-10-24 01:14 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250719
|
9.8 |
CRITICAL
Network
|
moridrin
|
ssv_events
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV Events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through 3.2…
|
CWE-22
Path Traversal
|
CVE-2024-49286
|
2024-10-24 01:13 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250720
|
5.4 |
MEDIUM
Network
|
mightyplugins
|
mighty_builder
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/…
|
CWE-79
Cross-site Scripting
|
CVE-2024-48049
|
2024-10-24 01:12 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
