|
305461
|
- |
|
-
|
-
|
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to …
|
-
|
CVE-2024-44280
|
2024-10-31 00:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305462
|
- |
|
-
|
-
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a file may lead to disclosure of user information.
|
-
|
CVE-2024-44279
|
2024-10-31 00:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305463
|
2.4 |
LOW
Physics
|
apple
|
ipados
iphone_os
|
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from…
|
NVD-CWE-noinfo
|
CVE-2024-40851
|
2024-10-31 00:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305464
|
- |
|
-
|
-
|
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing ne…
|
-
|
CVE-2024-35495
|
2024-10-31 00:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305465
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and T…
|
NVD-CWE-noinfo
|
CVE-2024-8900
|
2024-10-31 00:35 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305466
|
- |
|
-
|
-
|
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
|
-
|
CVE-2024-40743
|
2024-10-31 00:35 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305467
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments sect…
|
-
|
CVE-2024-25837
|
2024-10-31 00:35 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305468
|
8.8 |
HIGH
Network
|
hitachienergy
|
microscada_x_sys600
microscada_pro_sys600
|
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the at…
|
CWE-22
Path Traversal
|
CVE-2024-3980
|
2024-10-31 00:33 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305469
|
8.2 |
HIGH
Local
|
hitachienergy
|
microscada_x_sys600
|
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already establish…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-3982
|
2024-10-31 00:32 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305470
|
8.8 |
HIGH
Network
|
hitachienergy
|
microscada_x_sys600
microscada_pro_sys600
|
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to suc…
|
NVD-CWE-Other
|
CVE-2024-4872
|
2024-10-31 00:31 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
