|
309541
|
- |
|
-
|
-
|
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n…
|
CWE-862
Missing Authorization
|
CVE-2024-37095
|
2024-11-2 00:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309542
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check phantom_stream before it is used
dcn32_enable_phantom_stream can return null, so returned value
must be ch…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49897
|
2024-11-1 23:55 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309543
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/guc_submit: add missing locking in wedged_fini
Any non-wedged queue can have a zero refcount here and can be running
concu…
|
CWE-667
Improper Locking
|
CVE-2024-49943
|
2024-11-1 23:54 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309544
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/ncsi: Disable the ncsi work before freeing the associated structure
The work function can run after the ncsi device is freed,…
|
CWE-416
Use After Free
|
CVE-2024-49945
|
2024-11-1 23:52 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309545
|
5.9 |
MEDIUM
Network
|
securesystems
|
connaisseur
|
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2023-7279
|
2024-11-1 23:43 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309546
|
9.8 |
CRITICAL
Network
|
tenda
|
ac1206_firmware
|
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation l…
|
CWE-78
OS Command
|
CVE-2024-9793
|
2024-11-1 23:36 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309547
|
- |
|
-
|
-
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the ma…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-50356
|
2024-11-1 23:35 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309548
|
7.1 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect …
|
CWE-863
Incorrect Authorization
|
CVE-2024-8691
|
2024-11-1 23:26 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309549
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_desktop
|
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
|
NVD-CWE-Other
|
CVE-2024-45835
|
2024-11-1 23:20 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309550
|
5.3 |
MEDIUM
Network
|
mattermost
|
mattermost_desktop
|
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
|
NVD-CWE-noinfo
|
CVE-2024-39772
|
2024-11-1 23:20 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
