|
311981
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
Prior to commit 3f29cc82a84c ("nfsd: split sc_status out of
sc_typ…
|
-
|
CVE-2024-46682
|
2024-09-13 15:15 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311982
|
- |
|
-
|
-
|
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain …
|
-
|
CVE-2024-38816
|
2024-09-13 15:15 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311983
|
- |
|
-
|
-
|
In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel w…
|
-
|
CVE-2024-31336
|
2024-09-13 10:15 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311984
|
8.8 |
HIGH
Network
|
ivanti
|
endpoint_manager
|
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
|
NVD-CWE-Other
|
CVE-2024-8322
|
2024-09-13 06:56 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311985
|
6.7 |
MEDIUM
Local
|
ivanti
|
endpoint_manager
|
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-8441
|
2024-09-13 06:53 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311986
|
8.6 |
HIGH
Network
|
ivanti
|
endpoint_manager
|
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8321
|
2024-09-13 06:53 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311987
|
5.3 |
MEDIUM
Network
|
ivanti
|
endpoint_manager
|
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8320
|
2024-09-13 06:51 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311988
|
9.8 |
CRITICAL
Network
|
ivanti
|
endpoint_manager
|
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
|
CWE-89
SQL Injection
|
CVE-2024-8191
|
2024-09-13 06:50 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311989
|
7.5 |
HIGH
Network
|
apollographql
|
apollo-router
apollo_helms-charts_router
apollo_router
|
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-43783
|
2024-09-13 06:33 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311990
|
7.5 |
HIGH
Network
|
apollographql
|
apollo_router
apollo_helms-charts_router
apollo-router
apollo_query-planner
apollo_gateway
|
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incre…
|
CWE-674
Uncontrolled Recursion
|
CVE-2024-43414
|
2024-09-13 06:33 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
