|
313681
|
9.8 |
CRITICAL
Network
|
ivanti
|
neurons_for_itsm
|
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug informati…
|
NVD-CWE-Other
|
CVE-2024-7569
|
2024-09-7 06:57 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313682
|
9.3 |
CRITICAL
Network
|
roundcube
|
webmail
|
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42009
|
2024-09-7 06:50 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313683
|
9.3 |
CRITICAL
Network
|
roundcube
|
webmail
|
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2024-42008
|
2024-09-7 06:48 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313684
|
4.3 |
MEDIUM
Network
|
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and …
|
CWE-862
Missing Authorization
|
CVE-2024-37898
|
2024-09-7 06:16 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313685
|
4.6 |
MEDIUM
Network
|
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be exe…
|
CWE-94
Code Injection
|
CVE-2024-37900
|
2024-09-7 06:06 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313686
|
8.8 |
HIGH
Network
|
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding ins…
|
CWE-94
Code Injection
|
CVE-2024-37901
|
2024-09-7 05:54 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313687
|
5.4 |
MEDIUM
Network
|
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is p…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41947
|
2024-09-7 05:46 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313688
|
7.5 |
HIGH
Network
|
intel
|
ethernet_800_series_controllers_driver
|
Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially e…
|
NVD-CWE-noinfo
|
CVE-2024-23499
|
2024-09-7 05:43 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313689
|
7.8 |
HIGH
Local
|
intel
|
oneapi_dpc\+\+\/c\+\+_compiler
high_level_synthesis_compiler
quartus_prime
|
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-23907
|
2024-09-7 05:38 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313690
|
7.8 |
HIGH
Local
|
intel
|
field_programmable_gate_array_software_development_kit_for_opencl
|
Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-23909
|
2024-09-7 05:33 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
