|
305641
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
lib: objagg: Fix general protection fault
The library supports aggregation of objects into other objects only if
the parent objec…
|
NVD-CWE-noinfo
|
CVE-2024-43846
|
2024-10-26 04:52 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305642
|
3.3 |
LOW
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix bogus checksum computation in udf_rename()
Syzbot reports uninitialized memory access in udf_rename() when updating
chec…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-43845
|
2024-10-26 04:51 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305643
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix memory leak in exfat_load_bitmap()
If the first directory entry in the root directory is not a bitmap
directory entry,…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-50013
|
2024-10-26 04:49 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305644
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: wow: fix GTK offload H2C skbuff issue
We mistakenly put skb too large and that may exceed skb->end.
Therefore, we fi…
|
NVD-CWE-noinfo
|
CVE-2024-43844
|
2024-10-26 04:49 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305645
|
5.4 |
MEDIUM
Network
|
o-dyn
|
collabtive
|
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.
|
CWE-79
Cross-site Scripting
|
CVE-2024-48707
|
2024-10-26 04:11 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305646
|
5.4 |
MEDIUM
Network
|
o-dyn
|
collabtive
|
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.
|
CWE-79
Cross-site Scripting
|
CVE-2024-48708
|
2024-10-26 04:10 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305647
|
8.8 |
HIGH
Network
|
pandorafms
|
pandora_fms
|
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.
|
CWE-89
SQL Injection
|
CVE-2024-9987
|
2024-10-26 04:06 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305648
|
8.8 |
HIGH
Network
|
pandorafms
|
pandora_fms
|
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.
|
CWE-22
Path Traversal
|
CVE-2024-35308
|
2024-10-26 04:06 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305649
|
4.8 |
MEDIUM
Network
|
o-dyn
|
collabtive
|
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.
|
CWE-79
Cross-site Scripting
|
CVE-2024-46240
|
2024-10-26 04:00 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305650
|
7.5 |
HIGH
Network
|
phpgurukul
|
client_management_system
|
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
|
CWE-89
SQL Injection
|
CVE-2024-48570
|
2024-10-26 03:59 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
