|
314791
|
6.1 |
MEDIUM
Network
|
raspcontrol_project
|
raspcontrol
|
Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/r…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8413
|
2024-09-6 02:40 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314792
|
6.8 |
MEDIUM
Adjacent
|
wayos
|
fbm-291w_firmware
|
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
|
CWE-77
Command Injection
|
CVE-2024-44383
|
2024-09-6 02:38 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314793
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix for possible memory corruption
Init Control Block is dereferenced incorrectly. Correctly dereference ICB
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42288
|
2024-09-6 02:38 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314794
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: During vport delete send async logout explicitly
During vport delete, it is observed that during unload we hit a c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42289
|
2024-09-6 02:37 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314795
|
8.8 |
HIGH
Network
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40645
|
2024-09-6 02:09 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314796
|
5.9 |
MEDIUM
Network
|
fogproject
|
fogproject
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the c…
|
CWE-862
Missing Authorization
|
CVE-2024-41108
|
2024-09-6 01:27 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314797
|
7.8 |
HIGH
Local
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable b…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-41954
|
2024-09-6 01:18 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314798
|
7.5 |
HIGH
Network
|
ruby-lang
|
rexml
|
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-41946
|
2024-09-6 01:09 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314799
|
7.2 |
HIGH
Network
|
dell
|
cloudlink
|
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could pote…
|
NVD-CWE-Other
|
CVE-2024-38482
|
2024-09-6 01:04 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314800
|
9.8 |
CRITICAL
Network
|
any1
|
neatvnc
|
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
|
NVD-CWE-noinfo
|
CVE-2024-42458
|
2024-09-6 00:51 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
