7.8

CVSS3.1

CVE-2024-53194 - PCI: Fix use-after-free of slot->bus on hot remove

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and commit 59a54c5f3dbd ("thunderbolt…

📅 Published: Dec. 27, 2024, midnight 🔄 Last Modified: Nov. 3, 2025, 9:17 p.m.

7.8

CVSS3.1

CVE-2024-56606 - af_packet: avoid erroring out after sock_init_data() in packet_create()

In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling po…

📅 Published: Dec. 27, 2024, midnight 🔄 Last Modified: Jan. 5, 2026, 10:56 a.m.

6.9

CVSS4.0

CVE-2024-12969 - code-projects Hospital Management System Login index.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The…

📅 Published: Dec. 26, 2024, 10:31 p.m. 🔄 Last Modified: Oct. 23, 2025, 8:06 p.m.

6.9

CVSS4.0

CVE-2024-12968 - code-projects Job Recruitment _all_edits.php edit_jobpost sql injection

A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql injection. The attack can be launched remotely. The exploit ha…

📅 Published: Dec. 26, 2024, 10 p.m. 🔄 Last Modified: April 3, 2025, 1:21 p.m.

5.3

CVSS4.0

CVE-2024-56361 - Stored Cross-Site Scripting (XSS) in lgsl v7.0

LGSL (Live Game Server List) provides online status for games. Before 7.0.0, a stored cross-site scripting (XSS) vulnerability was identified in lgsl. The function lgsl_query_40 in lgsl_protocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and up…

📅 Published: Dec. 26, 2024, 9:59 p.m. 🔄 Last Modified: Dec. 27, 2024, 5:15 p.m.

8.6

CVSS4.0

CVE-2024-55950 - Tabby has a TCC Bypass via Unnecessary Permissive Entitlements in Tabby

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds pow…

📅 Published: Dec. 26, 2024, 9:52 p.m. 🔄 Last Modified: Dec. 27, 2024, 5:15 p.m.

8.2

CVSS3.1

CVE-2024-53850 - The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation

The Addressing GLPI plugin enables you to create IP reports to visualize the used and free IP addresses on a given network. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI.

📅 Published: Dec. 26, 2024, 9:41 p.m. 🔄 Last Modified: Dec. 27, 2024, 4:18 p.m.

4.3

CVSS3.1

CVE-2024-45805 - OpenCTI leaks support information due to inadequate access control

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<o…

📅 Published: Dec. 26, 2024, 9:34 p.m. 🔄 Last Modified: May 22, 2025, 3:51 p.m.

6.9

CVSS4.0

CVE-2024-12967 - code-projects Job Recruitment _all_edits.php fln_update sql injection

A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to sql injection. It is possible to launch the attack remotely. The exploit has been…

📅 Published: Dec. 26, 2024, 9:31 p.m. 🔄 Last Modified: April 3, 2025, 1:26 p.m.

7.7

CVSS3.1

CVE-2024-45600 - Fields GLPI plugin has an Authenticated SQL Injection

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.

📅 Published: Dec. 26, 2024, 9:27 p.m. 🔄 Last Modified: Dec. 30, 2024, 2:53 p.m.