|
309661
|
8.1 |
HIGH
Network
|
level1
|
wbr-6012_firmware
|
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can forc…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-28875
|
2024-11-14 03:10 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309662
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: Add bounds checking to mi_enum_attr()
Added bounds checking to make sure that every attr don't stray beyond
valid memory r…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-50248
|
2024-11-14 03:07 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309663
|
5.4 |
MEDIUM
Network
|
themepunch
|
slider_revolution
|
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8107
|
2024-11-14 03:06 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309664
|
5.4 |
MEDIUM
Network
|
benjaminzekavica
|
easy_svg_support
|
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10269
|
2024-11-14 02:59 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309665
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check if more than chunk-size bytes are written
A incorrectly formatted chunk may decompress into
more than LZNT_CHUNK_…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50247
|
2024-11-14 02:58 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309666
|
7.2 |
HIGH
Network
|
wavlink
|
wn530h4_firmware
wn530hg4_firmware
wn572hg3_firmware
|
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the arg…
|
CWE-77
Command Injection
|
CVE-2024-10429
|
2024-11-14 02:58 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309667
|
7.2 |
HIGH
Network
|
wavlink
|
wn530h4_firmware
wn530hg4_firmware
wn572hg3_firmware
|
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation …
|
CWE-77
Command Injection
|
CVE-2024-10428
|
2024-11-14 02:57 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309668
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-47803
|
2024-11-14 02:45 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309669
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add rough attr alloc_size check
|
NVD-CWE-noinfo
|
CVE-2024-50246
|
2024-11-14 02:38 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309670
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nvmet-auth: assign dh_key to NULL after kfree_sensitive
ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()…
|
CWE-415
Double Free
|
CVE-2024-50215
|
2024-11-14 02:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
