|
314361
|
6.5 |
MEDIUM
Network
|
9front
|
lib9p
|
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is du…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8158
|
2024-09-13 06:00 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314362
|
9.8 |
CRITICAL
Network
|
hillstonenet
|
web_application_firewall
|
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firew…
|
CWE-77
Command Injection
|
CVE-2024-8073
|
2024-09-13 05:58 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314363
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-44939
|
2024-09-13 05:58 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314364
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to cover read extent cache access with lock
syzbot reports a f2fs bug as below:
BUG: KASAN: slab-use-after-free in san…
|
CWE-416
Use After Free
|
CVE-2024-44941
|
2024-09-13 05:57 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314365
|
7.5 |
HIGH
Network
|
dfinity
|
canister_developer_kit_for_the_internet_computer
|
When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked a…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-7884
|
2024-09-13 05:47 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314366
|
8.8 |
HIGH
Network
|
mitel
|
mivoice_mx-one
|
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successfu…
|
NVD-CWE-noinfo
|
CVE-2024-36446
|
2024-09-13 05:47 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314367
|
4.3 |
MEDIUM
Network
|
imagerecycle
|
imagerecycle_pdf_\&_image_compression
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-6631
|
2024-09-13 05:39 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314368
|
- |
|
-
|
-
|
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks…
|
-
|
CVE-2024-7891
|
2024-09-13 05:35 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314369
|
6.5 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a…
|
CWE-74
Injection
|
CVE-2024-42903
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314370
|
5.4 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43412
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
