|
309561
|
7.5 |
HIGH
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2024-50574
|
2024-10-30 02:16 |
2024-10-28 |
|
|
|
|
309562
|
5.4 |
MEDIUM
Network
|
jetbrains
|
hub
|
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
|
CWE-862
Missing Authorization
|
CVE-2024-50573
|
2024-10-30 02:12 |
2024-10-28 |
|
|
|
|
309563
|
5.4 |
MEDIUM
Network
|
tiandiyoyo
|
flat_ui_button
|
The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on us…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10014
|
2024-10-30 01:58 |
2024-10-18 |
|
|
|
|
309564
|
- |
|
-
|
-
|
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
|
-
|
CVE-2024-49214
|
2024-10-30 01:35 |
2024-10-14 |
|
|
|
|
309565
|
- |
|
-
|
-
|
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injectio…
|
-
|
CVE-2024-44667
|
2024-10-30 01:35 |
2024-09-11 |
|
|
|
|
309566
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler
Setup function uvc_function_setup permits control transfer
requests wi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2022-48948
|
2024-10-30 01:34 |
2024-10-22 |
|
|
|
|
309567
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
igb: Initialize mailbox message for VF reset
When a MAC address is not assigned to the VF, that portion of the message
sent to th…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2022-48949
|
2024-10-30 01:32 |
2024-10-22 |
|
|
|
|
309568
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
We get the size of the trampoline image during the dry run ph…
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2024-43843
|
2024-10-30 01:29 |
2024-08-17 |
|
|
|
|
309569
|
3.3 |
LOW
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: avoid reporting connection success with wrong SSID
When user issues a connection with a different SSID than the …
|
NVD-CWE-noinfo
|
CVE-2024-43841
|
2024-10-30 01:27 |
2024-08-17 |
|
|
|
|
309570
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls
__bpf_tramp_enter() …
|
NVD-CWE-noinfo
|
CVE-2024-43840
|
2024-10-30 01:25 |
2024-08-17 |
|
|
|