|
313701
|
9.8 |
CRITICAL
Network
|
hillstonenet
|
web_application_firewall
|
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firew…
|
CWE-77
Command Injection
|
CVE-2024-8073
|
2024-09-13 05:58 |
2024-08-26 |
|
313702
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-44939
|
2024-09-13 05:58 |
2024-08-26 |
|
313703
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to cover read extent cache access with lock
syzbot reports a f2fs bug as below:
BUG: KASAN: slab-use-after-free in san…
|
CWE-416
Use After Free
|
CVE-2024-44941
|
2024-09-13 05:57 |
2024-08-26 |
|
313704
|
7.5 |
HIGH
Network
|
dfinity
|
canister_developer_kit_for_the_internet_computer
|
When a canister method is called via ic_cdk::call*, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked a…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-7884
|
2024-09-13 05:47 |
2024-09-5 |
|
313705
|
8.8 |
HIGH
Network
|
mitel
|
mivoice_mx-one
|
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successfu…
|
NVD-CWE-noinfo
|
CVE-2024-36446
|
2024-09-13 05:47 |
2024-08-14 |
|
313706
|
4.3 |
MEDIUM
Network
|
imagerecycle
|
imagerecycle_pdf_\&_image_compression
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-6631
|
2024-09-13 05:39 |
2024-08-24 |
|
313707
|
- |
|
-
|
-
|
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks…
|
-
|
CVE-2024-7891
|
2024-09-13 05:35 |
2024-09-10 |
|
313708
|
6.5 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a…
|
CWE-74
Injection
|
CVE-2024-42903
|
2024-09-13 05:20 |
2024-09-4 |
|
313709
|
5.4 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43412
|
2024-09-13 05:20 |
2024-09-4 |
|
313710
|
6.1 |
MEDIUM
Network
|
syspass
|
syspass
|
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientCon…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42904
|
2024-09-13 05:19 |
2024-09-4 |
|