|
309081
|
7.1 |
HIGH
Network
|
redhat
|
keycloak
single_sign-on
build_of_keycloak
|
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin opti…
|
CWE-384
Session Fixation
|
CVE-2024-7341
|
2024-10-4 21:48 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309082
|
- |
|
-
|
-
|
This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indi…
|
-
|
CVE-2024-44207
|
2024-10-4 09:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309083
|
- |
|
-
|
-
|
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.
|
-
|
CVE-2024-44204
|
2024-10-4 09:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309084
|
- |
|
-
|
-
|
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder …
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2024-7387
|
2024-10-4 06:15 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309085
|
8.6 |
HIGH
Network
|
cisco
|
ios_xe
|
A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition o…
|
NVD-CWE-noinfo
|
CVE-2024-20467
|
2024-10-4 05:09 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309086
|
8.6 |
HIGH
Network
|
cisco
|
ios_xe
|
A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utiliz…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-20480
|
2024-10-4 05:07 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309087
|
9.8 |
CRITICAL
Network
|
secom
|
dr.id_attendance_system
|
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database cont…
|
CWE-89
SQL Injection
|
CVE-2024-7732
|
2024-10-4 03:39 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309088
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/mgag200: Bind I2C lifetime to DRM device
Managed cleanup with devm_add_action_or_reset() will release the I2C
adapter when th…
|
NVD-CWE-noinfo
|
CVE-2024-44967
|
2024-10-4 03:21 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309089
|
5.4 |
MEDIUM
Network
|
dotcamp
|
ultimate_blocks
|
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow use…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8536
|
2024-10-4 03:16 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309090
|
7.5 |
HIGH
Adjacent
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Al…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-23935
|
2024-10-4 03:07 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
