|
303571
|
6.1 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exis…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20525
|
2024-11-21 01:54 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303572
|
6.1 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exis…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20530
|
2024-11-21 01:50 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303573
|
6.5 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side reques…
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2024-20531
|
2024-11-21 01:45 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303574
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
|
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
|
CWE-89
SQL Injection
|
CVE-2024-49574
|
2024-11-21 01:32 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303575
|
8.8 |
HIGH
Network
|
zte
|
nh8091_firmware
|
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute…
|
NVD-CWE-noinfo
|
CVE-2024-22067
|
2024-11-21 01:24 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303576
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Add encoder check in intel_hdcp2_get_capability to avoid
null pointer er…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-53050
|
2024-11-21 01:17 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303577
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
Sometimes during hotplug scenario or suspend/resume scenario encode…
|
NVD-CWE-noinfo
|
CVE-2024-53051
|
2024-11-21 01:16 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303578
|
4.3 |
MEDIUM
Network
|
themeum
|
tutor_lms_elementor_addons
|
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versio…
|
CWE-862
Missing Authorization
|
CVE-2024-10897
|
2024-11-21 01:09 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303579
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tracing/timerlat: Fix a race during cpuhp processing
There is another found exception that the "timerlat/1" thread was
scheduled …
|
CWE-362
Race Condition
|
CVE-2024-49866
|
2024-11-21 00:56 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303580
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
eventfs: Use list_del_rcu() for SRCU protected list variable
Chi Zhiling reported:
We found a null pointer accessing in tracef…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46785
|
2024-11-21 00:51 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
