7.8

CVSS3.1

CVE-2024-4132

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.

📅 Published: Oct. 11, 2024, 3:16 p.m. 🔄 Last Modified: Oct. 17, 2024, 7:40 p.m.

7.8

CVSS3.1

CVE-2024-4131

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.

📅 Published: Oct. 11, 2024, 3:15 p.m. 🔄 Last Modified: Oct. 17, 2024, 7:40 p.m.

7.8

CVSS3.1

CVE-2024-4130

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

📅 Published: Oct. 11, 2024, 3:15 p.m. 🔄 Last Modified: Oct. 17, 2024, 7:41 p.m.

7.8

CVSS3.1

CVE-2024-4089

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.

📅 Published: Oct. 11, 2024, 3:15 p.m. 🔄 Last Modified: Oct. 17, 2024, 7:41 p.m.

5.5

CVSS3.1

CVE-2024-5474

A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions…

📅 Published: Oct. 11, 2024, 3:15 p.m. 🔄 Last Modified: Nov. 15, 2024, 5 p.m.

10

CVSS3.1

CVE-2024-47875 - DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

📅 Published: Oct. 11, 2024, 2:59 p.m. 🔄 Last Modified: Nov. 3, 2025, 9:16 p.m.

9.3

CVSS3.1

CVE-2024-47830 - Plane allows server side request forgery via /_next/image endpoint

Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.

📅 Published: Oct. 11, 2024, 2:55 p.m. 🔄 Last Modified: Nov. 12, 2024, 7:55 p.m.

9.3

CVSS4.0

CVE-2024-47074 - Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vu…

DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, PgConfi…

📅 Published: Oct. 11, 2024, 2:45 p.m. 🔄 Last Modified: Nov. 12, 2024, 7:52 p.m.

8.6

CVSS3.1

CVE-2024-45402 - Picotls double free

Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occu…

📅 Published: Oct. 11, 2024, 2:38 p.m. 🔄 Last Modified: Nov. 12, 2024, 8:02 p.m.

7.5

CVSS3.1

CVE-2024-45396 - Quicly assertion failures

Quicly is an IETF QUIC protocol implementation. Quicly up to commit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc414…

📅 Published: Oct. 11, 2024, 2:36 p.m. 🔄 Last Modified: Nov. 12, 2024, 8:05 p.m.