|
257211
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: xc2028: avoid use-after-free in load_firmware_cb()
syzkaller reported use-after-free in load_firmware_cb() [1].
The reason…
|
CWE-416
Use After Free
|
CVE-2024-43900
|
2024-08-27 23:38 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257212
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null pointer deref in dcn20_resource.c
Fixes a hang thats triggered when MPV is run on a DCN401 dGPU:
mpv -…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43899
|
2024-08-27 23:38 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257213
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padata_mt_helper()
We are hit with a not easily reproducible divide-by-0 panic in padat…
|
CWE-369
Divide By Zero
|
CVE-2024-43889
|
2024-08-27 23:38 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257214
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm: list_lru: fix UAF for memory cgroup
The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or
cgroup_mutex or…
|
CWE-416
Use After Free
|
CVE-2024-43888
|
2024-08-27 23:37 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257215
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check in resource_log_pipe_topology_update
[WHY]
When switching from "Extend" to "Second Display Only" …
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43886
|
2024-08-27 23:37 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257216
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
|
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
|
CWE-89
SQL Injection
|
CVE-2024-5586
|
2024-08-27 23:37 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257217
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
|
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
|
CWE-89
SQL Injection
|
CVE-2024-5556
|
2024-08-27 23:36 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257218
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
|
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
|
CWE-89
SQL Injection
|
CVE-2024-5490
|
2024-08-27 23:36 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257219
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the…
|
-
|
CVE-2024-42816
|
2024-08-27 23:35 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257220
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus_msp
manageengine_servicedesk_plus
manageengine_supportcenter_plus
|
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41150
|
2024-08-27 23:35 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
