|
307761
|
9.8 |
CRITICAL
Network
|
kvf-admin_project
|
kvf-admin
|
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUpl…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9280
|
2024-10-5 03:00 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307762
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add array index check for hdcp ddc access
[Why]
Coverity reports OVERRUN warning. Do not check if array
index va…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46804
|
2024-10-5 02:51 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307763
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Check debug trap enable before write dbg_ev_file
In interrupt context, write dbg_ev_file will be run by work queue. I…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46803
|
2024-10-5 02:45 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307764
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
Make sure the connector is fully initialized…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46810
|
2024-10-5 02:43 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307765
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
Validate tbo resource pointer, skip if NULL
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46807
|
2024-10-5 02:40 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307766
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check link_index before accessing dc->links[]
[WHY & HOW]
dc->links[] has max size of MAX_LINKS and NULL is retu…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46813
|
2024-10-5 02:38 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307767
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check BIOS images before it is used
BIOS images may fail to load and null checks are added before they are
used.…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46809
|
2024-10-5 02:33 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307768
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsaniti…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-4099
|
2024-10-5 02:33 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307769
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauth…
|
CWE-863
Incorrect Authorization
|
CVE-2024-8974
|
2024-10-5 02:30 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307770
|
7.5 |
HIGH
Network
|
ays-pro
|
chatgpt_assistant
|
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-7713
|
2024-10-5 02:28 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
