| 304511 | 8.8 | HIGH | Network | autolabproject | autolab | Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient… | CWE-863 Incorrect Authorization | CVE-2024-49376 | 2024-11-15 07:49 | 2024-10-25 |
| 304512 | 9.8 | CRITICAL | Network | vice | webopac | Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | CWE-89 SQL Injection | CVE-2024-11016 | 2024-11-15 06:53 | 2024-11-11 |
| 304513 | 9.8 | CRITICAL | Network | matrixcomsec | cosec_vega_faxq_firmware | This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vu… | NVD-CWE-Other | CVE-2024-10381 | 2024-11-15 06:44 | 2024-10-25 |
| 304514 | 5.9 | MEDIUM | Network | ibm | txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the … | NVD-CWE-noinfo | CVE-2024-41738 | 2024-11-15 05:51 | 2024-11-2 |
| 304515 | 7.8 | HIGH | Local | bytecodealliance | webassembly_micro_runtime | An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility func… | CWE-125 Out-of-bounds Read | CVE-2024-25431 | 2024-11-15 05:42 | 2024-11-9 |
| 304516 | 5.3 | MEDIUM | Network | ibm | txseries_for_multiplatforms | IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | CWE-203 Information Exposure Through Discrepancy | CVE-2024-41741 | 2024-11-15 05:42 | 2024-11-2 |
| 304517 | 8.8 | HIGH | Network | sbond | watcharr | A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation… | NVD-CWE-noinfo | CVE-2024-50634 | 2024-11-15 05:40 | 2024-11-9 |
| 304518 | 7.8 | HIGH | Local | artifex, debian, suse | ghostscript, debian_linux, linux_enterprise_high_performance_computing, linux_enterprise_server, linux_enterprise_server_for_sap | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | CWE-125 Out-of-bounds Read | CVE-2024-46956 | 2024-11-15 05:39 | 2024-11-11 |
| 304519 | 6.7 | MEDIUM | Local | fortinet | forticlient | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2024-40592 | 2024-11-15 05:37 | 2024-11-13 |
| 304520 | 8.8 | HIGH | Local | fortinet | forticlient | A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate thei… | CWE-270 Privilege Context Switching Error | CVE-2024-36513 | 2024-11-15 05:35 | 2024-11-13 |