|
307651
|
- |
|
-
|
-
|
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.
|
-
|
CVE-2024-50966
|
2024-11-9 03:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307652
|
- |
|
-
|
-
|
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a com…
|
-
|
CVE-2024-35314
|
2024-11-9 03:15 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307653
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an una…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-47493
|
2024-11-9 03:15 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307654
|
5.8 |
MEDIUM
Network
|
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-10006
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307655
|
5.8 |
MEDIUM
Network
|
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
|
CWE-22
Path Traversal
|
CVE-2024-10005
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307656
|
7.5 |
HIGH
Adjacent
|
hp
|
poly_tc8_firmware
poly_tc10_firmware
poly_studio_g7500_firmware
poly_studio_x30_firmware
poly_studio_x50_firmware
poly_studio_x70_firmware
poly_studio_x52_firmware
poly_studio_g6…
|
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a …
|
CWE-77
Command Injection
|
CVE-2024-9579
|
2024-11-9 03:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307657
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_painter
|
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-49522
|
2024-11-9 03:06 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307658
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
In the normal case, when we excute `echo 0 > /proc/fs/…
|
CWE-416
Use After Free
|
CVE-2024-50121
|
2024-11-9 03:05 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307659
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Handle kstrdup failures for passwords
In smb3_reconfigure(), after duplicating ctx->password and
ctx->password2 with…
|
NVD-CWE-noinfo
|
CVE-2024-50120
|
2024-11-9 03:04 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307660
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix warning when destroy 'cifs_io_request_pool'
There's a issue as follows:
WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 fr…
|
NVD-CWE-noinfo
|
CVE-2024-50119
|
2024-11-9 03:03 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
