|
313291
|
6.5 |
MEDIUM
Network
|
progress
|
ws_ftp_server
|
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Pr…
|
CWE-22
Path Traversal
|
CVE-2024-7744
|
2024-09-5 02:57 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313292
|
5.4 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.
|
NVD-CWE-noinfo
|
CVE-2024-39837
|
2024-09-5 02:38 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313293
|
8.8 |
HIGH
Network
|
easytest_online_test_platform_project
|
easytest_online_test_platform
|
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.
|
CWE-89
SQL Injection
|
CVE-2024-7871
|
2024-09-5 02:34 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313294
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a…
|
NVD-CWE-noinfo
|
CVE-2024-39839
|
2024-09-5 02:34 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313295
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as f…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45046
|
2024-09-5 02:32 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313296
|
6.5 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker t…
|
CWE-611
XXE
|
CVE-2024-45048
|
2024-09-5 02:27 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313297
|
7.1 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create…
|
NVD-CWE-noinfo
|
CVE-2024-41144
|
2024-09-5 02:25 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313298
|
7.8 |
HIGH
Local
|
qualcomm
|
fastconnect_6700_firmware
fastconnect_6900_firmware
fastconnect_7800_firmware
qcm4490_firmware
qcm5430_firmware
qcm6490_firmware
qcm8550_firmware
qcs4490_firmware
qcs5430_firm…
|
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-33038
|
2024-09-5 02:21 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313299
|
7.5 |
HIGH
Network
|
qualcomm
|
ar8035_firmware
csr8811_firmware
fastconnect_6700_firmware
fastconnect_6800_firmware
fastconnect_6900_firmware
fastconnect_7800_firmware
flight_rb5_5g_firmware
immersive_home_214…
|
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
|
CWE-125
Out-of-bounds Read
|
CVE-2024-33048
|
2024-09-5 02:20 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313300
|
7.8 |
HIGH
Local
|
qualcomm
|
ar8035_firmware
csra6620_firmware
csra6640_firmware
fastconnect_6200_firmware
fastconnect_6700_firmware
fastconnect_6900_firmware
fastconnect_7800_firmware
flight_rb5_5g_firmware…
|
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-33045
|
2024-09-5 02:20 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
