|
304131
|
4.6 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path travers…
|
CWE-352
Origin Validation Error
|
CVE-2024-46872
|
2024-11-9 00:00 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304132
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix race condition between reset and nvme_dev_disable()
nvme_dev_disable() modifies the dev->online_queues field, there…
|
CWE-362
Race Condition
|
CVE-2024-50135
|
2024-11-8 23:34 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304133
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Unregister notifier on eswitch init failure
It otherwise remains registered and a subsequent attempt at eswitch
enablin…
|
NVD-CWE-noinfo
|
CVE-2024-50136
|
2024-11-8 23:31 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304134
|
6.5 |
MEDIUM
Network
|
zte
|
zxr10_1800-2s_firmware
zxr10_2800-4_firmware
zxr10_3800-8_firmware
zxr10_160_firmware
|
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the de…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-22066
|
2024-11-8 23:31 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304135
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
data->asserted will be NULL on JH7110 SoC since commit 8232…
|
NVD-CWE-noinfo
|
CVE-2024-50137
|
2024-11-8 23:29 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304136
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Use raw_spinlock_t in ringbuf
The function __bpf_ringbuf_reserve is invoked from a tracepoint, which
disables preemption. Us…
|
NVD-CWE-noinfo
|
CVE-2024-50138
|
2024-11-8 23:27 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304137
|
- |
|
-
|
-
|
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a s…
|
-
|
CVE-2024-7784
|
2024-11-8 18:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304138
|
- |
|
-
|
-
|
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. …
|
-
|
CVE-2024-6979
|
2024-11-8 18:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304139
|
- |
|
-
|
-
|
Marinus Pfund, member of the AXIS OS Bug Bounty Program,
has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device.
Axis ha…
|
-
|
CVE-2024-6509
|
2024-11-8 18:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304140
|
- |
|
-
|
-
|
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour confi…
|
-
|
CVE-2024-6173
|
2024-11-8 18:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
