|
312221
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix for possible memory corruption
Init Control Block is dereferenced incorrectly. Correctly dereference ICB
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42288
|
2024-09-6 02:38 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312222
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: During vport delete send async logout explicitly
During vport delete, it is observed that during unload we hit a c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42289
|
2024-09-6 02:37 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312223
|
8.8 |
HIGH
Network
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40645
|
2024-09-6 02:09 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312224
|
5.9 |
MEDIUM
Network
|
fogproject
|
fogproject
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the c…
|
CWE-862
Missing Authorization
|
CVE-2024-41108
|
2024-09-6 01:27 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312225
|
7.8 |
HIGH
Local
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable b…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-41954
|
2024-09-6 01:18 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312226
|
7.5 |
HIGH
Network
|
ruby-lang
|
rexml
|
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-41946
|
2024-09-6 01:09 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312227
|
7.2 |
HIGH
Network
|
dell
|
cloudlink
|
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could pote…
|
NVD-CWE-Other
|
CVE-2024-38482
|
2024-09-6 01:04 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312228
|
9.8 |
CRITICAL
Network
|
any1
|
neatvnc
|
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
|
NVD-CWE-noinfo
|
CVE-2024-42458
|
2024-09-6 00:51 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312229
|
5.4 |
MEDIUM
Network
|
metaphorcreations
|
ditty
|
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6710
|
2024-09-6 00:30 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312230
|
8.8 |
HIGH
Network
|
wpsoul
|
greenshift_query_addon
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query a…
|
CWE-89
SQL Injection
|
CVE-2024-43942
|
2024-09-6 00:25 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
