|
315511
|
8.8 |
HIGH
Network
|
xwiki
|
pro_macros
|
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform …
|
CWE-74
Injection
|
CVE-2024-42489
|
2024-09-17 04:46 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315512
|
5.5 |
MEDIUM
Local
|
nvidia
|
cuda_toolkit
|
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-0102
|
2024-09-17 04:37 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315513
|
8.8 |
HIGH
Local
|
nvidia
|
jetson_linux
|
NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-0108
|
2024-09-17 04:27 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315514
|
7.5 |
HIGH
Network
|
nvidia
|
mlnx-os
mlnx-gw
onyx
nvda-os_xc
|
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch…
|
NVD-CWE-Other
|
CVE-2024-0101
|
2024-09-17 04:24 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315515
|
8.8 |
HIGH
Network
|
solarwinds
|
access_rights_manager
|
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, r…
|
NVD-CWE-noinfo
|
CVE-2024-28991
|
2024-09-17 03:06 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315516
|
9.8 |
CRITICAL
Network
|
solarwinds
|
access_rights_manager
|
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-28990
|
2024-09-17 03:05 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315517
|
5.4 |
MEDIUM
Network
|
mindsdb
|
mindsdb
|
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45856
|
2024-09-17 03:04 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315518
|
7.5 |
HIGH
Network
|
mindsdb
|
mindsdb
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘fi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-45855
|
2024-09-17 03:03 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315519
|
7.5 |
HIGH
Network
|
mindsdb
|
mindsdb
|
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘descri…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-45854
|
2024-09-17 03:02 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315520
|
7.5 |
HIGH
Network
|
mindsdb
|
mindsdb
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-45853
|
2024-09-17 02:59 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
