Latest CVE Feed
-
2.2
LOWCVE-2024-21244
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces... Read more
- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23370
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.... Read more
Affected Products : sw5100_firmware sw5100p_firmware wcn3980_firmware wcn3988_firmware wsa8830_firmware wsa8835_firmware qca6584au_firmware qca6698aq_firmware qca9377_firmware qca9367_firmware +12 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23374
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.... Read more
Affected Products : qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware sw5100_firmware +42 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23375
Memory corruption during the network scan request.... Read more
Affected Products : sa6155p_firmware sa8155p_firmware sa8195p_firmware sw5100_firmware sw5100p_firmware wcn3980_firmware wcn3988_firmware wsa8830_firmware wsa8835_firmware sa4150p_firmware +18 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
4.3
MEDIUMCVE-2024-43780
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.... Read more
- Published: Aug. 22, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23376
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.... Read more
Affected Products : qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware sw5100_firmware +32 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
6.0
MEDIUMCVE-2024-42497
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.... Read more
- Published: Aug. 22, 2024
- Modified: Oct. 16, 2024
-
9.0
HIGHCVE-2024-8231
A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow.... Read more
- Published: Aug. 28, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23378
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.... Read more
Affected Products : qca6584au_firmware qca6698aq_firmware sa9000p_firmware qam8255p_firmware sa8255p_firmware qam8650p_firmware qam8775p_firmware qca6584au sa8770p_firmware sa8775p_firmware +26 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23379
Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.... Read more
Affected Products : wcd9341_firmware wcd9380_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware qca6310_firmware qca6584au_firmware qca6698aq_firmware wcd9335_firmware +58 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.7
HIGHCVE-2024-45290
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by r... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
8.2
HIGHCVE-2024-33064
Information disclosure while parsing the multiple MBSSID IEs from the beacon.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICALCVE-2024-33066
Memory corruption while redirecting log file to any file location with any file name.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-33069
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware sw5100_firmware sw5100p_firmware +78 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-33070
Transient DOS while parsing ESP IE from beacon/probe response frame.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-33071
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
5.3
MEDIUMCVE-2024-48790
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more
Affected Products :- Published: Oct. 14, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICALCVE-2024-48782
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.... Read more
Affected Products :- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICALCVE-2024-48781
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat.... Read more
Affected Products :- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-44775
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.... Read more
Affected Products :- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024