|
308491
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add the missing BPF_LINK_TYPE invocation for sockmap
There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockma…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50123
|
2024-11-9 05:03 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308492
|
5.4 |
MEDIUM
Network
|
f5
|
nginx_ingress_controller
nginx_instance_manager
nginx_api_connectivity_manager
nginx_openid_connect
|
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an…
|
CWE-384
Session Fixation
|
CVE-2024-10318
|
2024-11-9 04:51 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308493
|
5.3 |
MEDIUM
Network
|
erudika
|
scoold
|
Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-50334
|
2024-11-9 04:51 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308494
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: fix global oob in wwan_rtnl_policy
The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to
a global o…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50128
|
2024-11-9 04:39 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308495
|
5.4 |
MEDIUM
Network
|
avecnous
|
event_post
|
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10186
|
2024-11-9 04:21 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308496
|
5.4 |
MEDIUM
Network
|
microfocus
|
imanager
|
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
|
CWE-79
Cross-site Scripting
|
CVE-2020-11859
|
2024-11-9 04:12 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308497
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Unregister redistributor for failed vCPU creation
Alex reports that syzkaller has managed to trigger a use-after-free…
|
CWE-416
Use After Free
|
CVE-2024-50114
|
2024-11-9 04:11 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308498
|
- |
|
-
|
-
|
A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with adminis…
|
-
|
CVE-2024-8810
|
2024-11-9 04:01 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308499
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the conte…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49524
|
2024-11-9 04:01 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308500
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable …
|
CWE-79
Cross-site Scripting
|
CVE-2024-49523
|
2024-11-9 04:01 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
