|
308931
|
- |
|
-
|
-
|
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
|
-
|
CVE-2024-9379
|
2024-10-10 10:00 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308932
|
8.1 |
HIGH
Network
|
prestashop
|
prestashop
|
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploita…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-41651
|
2024-10-10 03:15 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308933
|
7.2 |
HIGH
Network
|
cisco
|
rv340_dual_wan_gigabit_vpn_router_firmware
rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware
rv345_dual_wan_gigabit_vpn_router_firmware
rv345p_dual_wan_gigabit_poe_vpn_router_firmware
|
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute ar…
|
NVD-CWE-Other
|
CVE-2024-20470
|
2024-10-10 01:55 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308934
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ethtool: fail closed if we can't get max channel used in indirection tables
Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing…
|
NVD-CWE-noinfo
|
CVE-2024-46834
|
2024-10-10 00:57 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308935
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: void array out of bound when loop tnl_num
When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes
fr…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46833
|
2024-10-10 00:54 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308936
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
This avoids warning:
[ 0.118053] BUG: sleeping functi…
|
NVD-CWE-noinfo
|
CVE-2024-46832
|
2024-10-10 00:51 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308937
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed_udc: validate endpoint index for ast udc
We should verify the bound of the array to assure that host
may not …
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46836
|
2024-10-10 00:47 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308938
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Restrict high priorities on group_create
We were allowing any users to create a high priority group without any
perm…
|
NVD-CWE-noinfo
|
CVE-2024-46837
|
2024-10-10 00:37 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308939
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: don't BUG_ON() if khugepaged yanks our page table
Since khugepaged was changed to allow retracting page tables in fi…
|
NVD-CWE-noinfo
|
CVE-2024-46838
|
2024-10-10 00:35 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308940
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: fix validity interception issue when gisa is switched off
We might run into a SIE validity if gisa has been disabled e…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-45005
|
2024-10-10 00:30 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
