
4721 matches found

Vulnrichment
added 2024/10/26 1:58 a.m. · 20 views

CVE-2024-9933 WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...

9.8 CVSS · 5.9 AI score · 0.01935 EPSS
Exploits: 2 · References: 3
Cvelist
added 2024/10/26 1:58 a.m. · 44 views

CVE-2024-9933 WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...

9.8 CVSS · 0.01935 EPSS
Exploits: 2 · References: 3
Positive Technologies
added 2024/10/26 12:0 a.m. · 9 views

PT-2024-39948 · WordPress · Watchtowerhq

Name of the Vulnerable Software and Affected Versions: WatchTowerHQ plugin for WordPress versions up to, and including, 3.9.6 Description: The issue is related to authentication bypass. This is due to the watchtower ota token default value being empty and the missing not empty check in the Passwo...

9.8 CVSS · 7.2 AI score · 0.01935 EPSS
Exploits: 2 · References: 5
OSV
added 2024/10/23 5:22 p.m. · 10 views

GHSA-HF59-7RWQ-785M In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

Impact What kind of vulnerability is it? Who is impacted? In certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would allow their hooks (side effects) to be performed when they...

5.3 CVSS · 5.4 AI score · 0.00499 EPSS
Exploits: 0 · References: 6
OSV
added 2024/10/23 5:56 a.m. · 1 views

BELL-CVE-2024-47708

Bulletin has no description...

5.5 CVSS · 7.2 AI score · 0.00175 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/23 12:0 a.m. · 4 views

PT-2024-9137 · Unknown · Ashpostgres

Name of the Vulnerable Software and Affected Versions: AshPostgres versions 2.0.0 through 2.4.9 Description: The issue is related to the skipping of policies in update actions under specific conditions, allowing side effects to be triggered when they should not have been. This occurs only on...

5.3 CVSS · 7.2 AI score · 0.00499 EPSS
Exploits: 0 · References: 10
RedhatCVE
added 2024/10/22 6:38 a.m. · 14 views

CVE-2022-48996

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes Commit da87878010e5 "mm/damon/sysfs: support online inputs update" made 'damon_sysfs_set_schemes' to be called for running DAMON context,...

5.5 CVSS · 5.2 AI score · 0.00211 EPSS
Exploits: 0 · References: 4
SUSE CVE
added 2024/10/22 2:50 a.m. · 1 views

SUSE CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select. So an empty item in struct...

5.5 CVSS · 7.7 AI score · 0.00189 EPSS
Exploits: 0 · References: 5
OSV
added 2024/10/21 8:15 p.m. · 6 views

AZL-51242 CVE-2024-50035 affecting package kernel for versions less than 6.6.57.1-1

In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode illegal access syzbot reported an issue in ppp_async_encode [1] In this case, pppoe_sendmsg is called with a zero size. Then ppp_async_encode is called with an empty skb. BUG: KMSAN: uninit-value in ppp_async_encod...

7.1 CVSS · 6.7 AI score · 0.00272 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/21 8:15 p.m. · 3 views

UBUNTU-CVE-2024-50035

In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode illegal access syzbot reported an issue in ppp_async_encode [1] In this case, pppoe_sendmsg is called with a zero size. Then ppp_async_encode is called with an empty skb. BUG: KMSAN: uninit-value in ppp_async_encod...

7.1 CVSS · 6.5 AI score · 0.00272 EPSS
Exploits: 0 · References: 41
NVD
added 2024/10/21 7:15 p.m. · 15 views

CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select. So an empty item in struct...

5.5 CVSS · 0.00189 EPSS
Exploits: 0 · References: 2
OSV
added 2024/10/21 7:15 p.m. · 2 views

DEBIAN-CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select. So an empty item in struct...

5.5 CVSS · 5.4 AI score · 0.00189 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/21 7:15 p.m. · 1 views

UBUNTU-CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select. So an empty item in struct...

5.5 CVSS · 5.7 AI score · 0.00189 EPSS
Exploits: 0 · References: 8
CVE
added 2024/10/21 6:54 p.m. · 105 views

CVE-2024-50011

CVE-2024-50011 is a Linux kernel vulnerability describing an ASoC: Intel soc-acpi-intel-rpl-match issue where an empty item is required in struct snd_soc_acpi_link_adr[]. The root cause is the absence of a links_num and the test !link->num_adr to end the loop in hda_sdw_machine_select(), which...

5.5 CVSS · 5.2 AI score · 0.00189 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/10/21 6:54 p.m. · 14 views

CVE-2024-50011 ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select. So an empty item in struct...

5.5 CVSS · 6.1 AI score · 0.00189 EPSS
Exploits: 0 · References: 5
OSV
added 2024/10/21 6:15 p.m. · 1 views

DEBIAN-CVE-2024-49904

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - list_for_each_entry_safe...

5.5 CVSS · 4.8 AI score · 0.00233 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/21 6:15 p.m. · 6 views

AZL-51554 CVE-2024-49904 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - list_for_each_entry_safe...

5.5 CVSS · 5.6 AI score · 0.00233 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/21 6:15 p.m. · 8 views

AZL-51413 CVE-2024-49904 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - list_for_each_entry_safe...

5.5 CVSS · 5.6 AI score · 0.00233 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/21 6:15 p.m. · 2 views

UBUNTU-CVE-2024-49904

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - list_for_each_entry_safe...

5.5 CVSS · 5.7 AI score · 0.00233 EPSS
Exploits: 0 · References: 9
OSV
added 2024/10/21 6:15 p.m. · 3 views

UBUNTU-CVE-2024-49876

In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on a random system wq, which will outlive the driver instance. With bad timing we can teardown the driver with one or more wor...

7.8 CVSS · 6.5 AI score · 0.00245 EPSS
Exploits: 0 · References: 20