|
314661
|
5.8 |
MEDIUM
Network
|
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-10006
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314662
|
5.8 |
MEDIUM
Network
|
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
|
CWE-22
Path Traversal
|
CVE-2024-10005
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314663
|
7.5 |
HIGH
Adjacent
|
hp
|
poly_tc8_firmware
poly_tc10_firmware
poly_studio_g7500_firmware
poly_studio_x30_firmware
poly_studio_x50_firmware
poly_studio_x70_firmware
poly_studio_x52_firmware
poly_studio_g6…
|
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a …
|
CWE-77
Command Injection
|
CVE-2024-9579
|
2024-11-9 03:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314664
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_painter
|
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-49522
|
2024-11-9 03:06 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314665
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
In the normal case, when we excute `echo 0 > /proc/fs/…
|
CWE-416
Use After Free
|
CVE-2024-50121
|
2024-11-9 03:05 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314666
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Handle kstrdup failures for passwords
In smb3_reconfigure(), after duplicating ctx->password and
ctx->password2 with…
|
NVD-CWE-noinfo
|
CVE-2024-50120
|
2024-11-9 03:04 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314667
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix warning when destroy 'cifs_io_request_pool'
There's a issue as follows:
WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 fr…
|
NVD-CWE-noinfo
|
CVE-2024-50119
|
2024-11-9 03:03 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314668
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reject ro->rw reconfiguration if there are hard ro requirements
[BUG]
Syzbot reports the following crash:
BTRFS info (d…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50118
|
2024-11-9 03:02 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314669
|
2.7 |
LOW
Network
|
grafana
|
grafana
|
Organization admins can delete pending invites created in an organization they are not part of.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10452
|
2024-11-9 02:59 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314670
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Guard against bad data for ATIF ACPI method
If a BIOS provides bad data in response to an ATIF method call
this causes a…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50117
|
2024-11-9 02:53 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
