|
306431
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: protect references to superblock parameters exposed in sysfs
The superblock buffers of nilfs2 can not only be overwritten…
|
NVD-CWE-noinfo
|
CVE-2024-46780
|
2024-11-21 02:31 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306432
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook
When enable CONFIG_MEMCG & CONFIG_KFENCE & CONFIG_KMEMLEAK, t…
|
NVD-CWE-noinfo
|
CVE-2024-46789
|
2024-11-21 02:27 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306433
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is
normally call…
|
NVD-CWE-noinfo
|
CVE-2024-46825
|
2024-11-21 02:24 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306434
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ELF: fix kernel.randomize_va_space double read
ELF loader uses "randomize_va_space" twice. It is sysctl and can change
at any mom…
|
NVD-CWE-noinfo
|
CVE-2024-46826
|
2024-11-21 02:19 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306435
|
6.1 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exis…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20525
|
2024-11-21 01:54 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306436
|
6.1 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exis…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20530
|
2024-11-21 01:50 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306437
|
6.5 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side reques…
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2024-20531
|
2024-11-21 01:45 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306438
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
|
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
|
CWE-89
SQL Injection
|
CVE-2024-49574
|
2024-11-21 01:32 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306439
|
8.8 |
HIGH
Network
|
zte
|
nh8091_firmware
|
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute…
|
NVD-CWE-noinfo
|
CVE-2024-22067
|
2024-11-21 01:24 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306440
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Add encoder check in intel_hdcp2_get_capability to avoid
null pointer er…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-53050
|
2024-11-21 01:17 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
