|
309641
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Disable coherent dumb buffers without 3d
Coherent surfaces make only sense if the host renders to them using
accelera…
|
NVD-CWE-noinfo
|
CVE-2024-46712
|
2024-09-19 22:09 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309642
|
9.8 |
CRITICAL
Network
|
tnbmobil
|
cockpit
|
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-6656
|
2024-09-19 22:05 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309643
|
5.3 |
MEDIUM
Network
|
secreto31126
|
whatsapp-api-js
|
whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the…
|
NVD-CWE-Other
|
CVE-2024-45607
|
2024-09-19 11:05 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309644
|
8.8 |
HIGH
Network
|
rockwellautomation
|
2800c_optixpanel_compact_firmware
2800s_optixpanel_standard_firmware
embedded_edge_compute_module_firmware
|
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials an…
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-8533
|
2024-09-19 10:57 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309645
|
9.8 |
CRITICAL
Network
|
rockwellautomation
|
pavilion8
|
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execut…
|
CWE-22
Path Traversal
|
CVE-2024-7961
|
2024-09-19 10:52 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309646
|
9.1 |
CRITICAL
Network
|
rockwellautomation
|
pavilion8
|
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect pri…
|
NVD-CWE-noinfo
|
CVE-2024-7960
|
2024-09-19 10:52 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309647
|
4.3 |
MEDIUM
Network
|
lenovo
|
xclarity_administrator
|
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
|
NVD-CWE-noinfo
|
CVE-2024-45103
|
2024-09-19 10:50 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309648
|
6.5 |
MEDIUM
Network
|
lenovo
|
xclarity_administrator
|
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
|
NVD-CWE-noinfo
|
CVE-2024-45104
|
2024-09-19 10:49 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309649
|
9.8 |
CRITICAL
Network
|
heyewei
|
jfinalcms
|
A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads t…
|
CWE-22
Path Traversal
|
CVE-2024-8782
|
2024-09-19 10:46 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309650
|
6.5 |
MEDIUM
Adjacent
|
zephyrproject
|
zephyr
|
BT: Encryption procedure host vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-5754
|
2024-09-19 10:44 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
