|
307041
|
6.5 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to ac…
|
CWE-284 CWE-863
Improper Access Control Incorrect Authorization
|
CVE-2024-48925
|
2024-10-25 23:12 |
2024-10-23 |
|
307042
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix SRCU protection of nvme_ns_head list
Walking the nvme_ns_head siblings list is protected by the head's srcu
in nvme_ns_…
|
CWE-416
Use After Free
|
CVE-2022-49003
|
2024-10-25 23:12 |
2024-10-22 |
|
307043
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/ct: prevent UAF in send_recv()
Ensure we serialize with completion side to prevent UAF with fence going
out of scope on th…
|
CWE-416
Use After Free
|
CVE-2024-50030
|
2024-10-25 23:06 |
2024-10-22 |
|
307044
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
There are some cases, such as the one uncovered by Commit 46d4efcc…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49901
|
2024-10-25 23:05 |
2024-10-22 |
|
307045
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix TTLM teardown work
The worker calculates the wrong sdata pointer, so if it ever
runs, it'll crash. Fix that.
|
NVD-CWE-noinfo
|
CVE-2024-43848
|
2024-10-25 22:57 |
2024-08-17 |
|
307046
|
- |
|
-
|
-
|
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privile…
|
-
|
CVE-2024-47013
|
2024-10-25 21:56 |
2024-10-25 |
|
307047
|
- |
|
-
|
-
|
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a mal…
|
CWE-352 CWE-94
Origin Validation Error Code Injection
|
CVE-2024-47879
|
2024-10-25 21:56 |
2024-10-25 |
|
307048
|
- |
|
-
|
-
|
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component
|
-
|
CVE-2024-48454
|
2024-10-25 21:56 |
2024-10-25 |
|
307049
|
- |
|
-
|
-
|
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orde…
|
-
|
CVE-2024-48143
|
2024-10-25 21:56 |
2024-10-25 |
|
307050
|
- |
|
-
|
-
|
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between …
|
-
|
CVE-2024-48142
|
2024-10-25 21:56 |
2024-10-25 |