🚨 CVE-2024-21357
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
@cveNotify
🚨 CVE-2024-9301
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
GitHub
security-bulletins/advisories/nflx-2024-004.md at master · Netflix/security-bulletins
Security Bulletins that relate to Netflix Open Source - Netflix/security-bulletins
🚨 CVE-2024-47186
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to an XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.
GitHub
Merge commit from fork · filamentphp/filament@df79893
escape string state
🚨 CVE-2024-21455
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
🚨 CVE-2024-23369
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
🚨 CVE-2024-23370
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.
🚨 CVE-2024-23374
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.
🚨 CVE-2024-23376
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.
🚨 CVE-2024-23378
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.
🚨 CVE-2020-15415
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.
GitHub
GitHub - CLP-team/Vigor-Commond-Injection
🚨 CVE-2024-21403
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
🚨 CVE-2024-21420
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
🚨 CVE-2024-46453
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
GitHub
GitHub - nosmo-gla/iq3xcite-XSS-2.31-3.05
🚨 CVE-2017-10271
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
🚨 CVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
🚨 CVE-2023-25280
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
GitHub
D_Link_Vuln/cmd Inject in pingV4Msg at main · migraine-sudo/D_Link_Vuln
🚨 CVE-2024-47126
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.
🚨 CVE-2024-47127
In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software-defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.
🚨 CVE-2024-7714
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls, allowing an unauthenticated user to disconnect the plugin from OpenAI and thereby disable it. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'.
WPScan
AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
🚨 CVE-2024-46802
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: added NULL check at start of dc_validate_stream
[Why]
prevent invalid memory access
[How]
check if dc and stream are NULL