|
307871
|
7.2 |
HIGH
Network
|
lylme
|
lylme_spage
|
A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql in…
|
CWE-89
SQL Injection
|
CVE-2024-9789
|
2024-10-17 23:26 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307872
|
7.2 |
HIGH
Network
|
lylme
|
lylme_spage
|
A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql in…
|
CWE-89
SQL Injection
|
CVE-2024-9788
|
2024-10-17 23:26 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307873
|
5.4 |
MEDIUM
Network
|
openwebui
|
open_webui
|
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmatio…
|
NVD-CWE-Other
|
CVE-2024-7049
|
2024-10-17 23:22 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307874
|
5.5 |
MEDIUM
Local
|
wireshark
|
wireshark
|
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
|
CWE-909
Missing Initialization of Resource
|
CVE-2024-9780
|
2024-10-17 23:18 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307875
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc
The grc must be initialize first. There can be a condition where if
fou is NULL, goto out will be …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-46865
|
2024-10-17 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307876
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: fix sk refcount leaks
We must put 'sk' reference before returning.
|
NVD-CWE-Other
|
CVE-2024-46855
|
2024-10-17 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307877
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
The panasonic laptop code in various places uses the SINF a…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46859
|
2024-10-17 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307878
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: Fix uaf in __timer_delete_sync
There are two paths to access mptcp_pm_del_add_timer, result in a race
condition:
…
|
CWE-416
Use After Free
|
CVE-2024-46858
|
2024-10-17 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307879
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix off-by-one in CMA heap fault handler
Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:
D…
|
CWE-193
Off-by-one Error
|
CVE-2024-46852
|
2024-10-17 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307880
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Prevent unmapping active read buffers
The kms paths keep a persistent map active to read and compare the cursor
buffe…
|
NVD-CWE-noinfo
|
CVE-2024-46710
|
2024-10-17 23:15 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
