4.9
CVE-2024-21194 - mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise …
4.9
CVE-2024-21193 - mysql: PS unspecified vulnerability (CPU Oct 2024)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comprom…
7.6
CVE-2024-21191 - Oracle Fusion Middleware: From CVEorg collector
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compr…
7.5
CVE-2024-21190 - Oracle Fusion Middleware: From CVEorg collector
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle …
9
CVE-2024-21172 - Oracle Hospitality Applications: From CVEorg collector
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to comp…
7.5
CVE-2024-5749 - Certain HP DesignJet products – Credential reflection
Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing of SMTP server credentials.
8.7
CVE-2024-48915 - Agent Dart missing certificate verification checks
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren't ve…
9.1
CVE-2024-48914 - Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetSt…
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data suc…
5.9
CVE-2024-48913 - Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type header, Hono always considers a request without a Content-Type header to be safe. Th…
8.7
CVE-2024-47876 - Sakai: Kernel users created with type roleview can login as a normal user
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.