|
252311
|
- |
|
-
|
-
|
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileg…
|
CWE-269
Improper Privilege Management
|
CVE-2024-7048
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252312
|
- |
|
-
|
-
|
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
|
-
|
CVE-2024-9380
|
2024-10-10 10:00 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252313
|
- |
|
-
|
-
|
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
|
-
|
CVE-2024-9379
|
2024-10-10 10:00 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252314
|
8.1 |
HIGH
Network
|
prestashop
|
prestashop
|
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploita…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-41651
|
2024-10-10 03:15 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252315
|
7.2 |
HIGH
Network
|
cisco
|
rv340_dual_wan_gigabit_vpn_router_firmware
rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware
rv345_dual_wan_gigabit_vpn_router_firmware
rv345p_dual_wan_gigabit_poe_vpn_router_firmware
|
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute ar…
|
NVD-CWE-Other
|
CVE-2024-20470
|
2024-10-10 01:55 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252316
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ethtool: fail closed if we can't get max channel used in indirection tables
Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing…
|
NVD-CWE-noinfo
|
CVE-2024-46834
|
2024-10-10 00:57 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252317
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: void array out of bound when loop tnl_num
When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes
fr…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46833
|
2024-10-10 00:54 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252318
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
This avoids warning:
[ 0.118053] BUG: sleeping functi…
|
NVD-CWE-noinfo
|
CVE-2024-46832
|
2024-10-10 00:51 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252319
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed_udc: validate endpoint index for ast udc
We should verify the bound of the array to assure that host
may not …
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46836
|
2024-10-10 00:47 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252320
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Restrict high priorities on group_create
We were allowing any users to create a high priority group without any
perm…
|
NVD-CWE-noinfo
|
CVE-2024-46837
|
2024-10-10 00:37 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
