7
CVE-2024-37365 - FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate…
7.5
CVE-2024-51564 - bhyve(8) infinite loop in the hda audio driver
A guest can trigger an infinite loop in the hda audio driver.
6.5
CVE-2024-51563 - bhyve(8) virtio_vq_recordon time-of-check to time-of-use race
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
9.3
CVE-2024-8074 - Sensitive Data Exposure in Nomysoft Informatics' Nomysem
Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users. This issue affects Nomysem: before 13.10.2024.
6.5
CVE-2024-51562 - bhyve(8) nvme_opc_get_log_page buffer over-read
The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
8.5
CVE-2024-50386 - Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker tha…
2.3
CVE-2024-11126 - Digistar AG-30 Plus Login Page excessive authentication
A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitabil…
6.9
CVE-2024-11125 - GetSimpleCMS profile.php cross-site request forgery
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may…
5.1
CVE-2024-11124 - TimGeyssens UIOMatic uioMaticObject.r sql injection
A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical. This vulnerability affects unknown code of the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been d…
5.3
CVE-2024-11123 - 上海灵当信息科技有限公司 Lingdang CRM pdf.php path traversal
A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attac…