Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2024-11-19 | CVE-2024-50302 | Use of Uninitialized Resource vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. | local, low complexity, linux CWE-908, 5.5 |
| 2024-11-19 | CVE-2023-52921 | Use After Free vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security. | local, low complexity, linux CWE-416, 7.8 |
| 2024-11-18 | CVE-2024-21287 | Incorrect Authorization vulnerability in Oracle Agile Product Lifecycle Management 9.3.6. Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). | network, low complexity, oracle CWE-863, 7.5 |
| 2024-11-18 | CVE-2020-26067 | A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. | network, low complexity, CWE-80, 5.4 |
| 2024-11-18 | CVE-2024-10390 | The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. | network, low complexity, CWE-862, 6.4 |
| 2024-11-18 | CVE-2020-26071 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. | local, low complexity, CWE-22, 8.4 |
| 2024-11-18 | CVE-2020-3431 | A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. | network, low complexity, CWE-79, 6.1 |
| 2024-11-18 | CVE-2020-3538 | A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. | network, low complexity, 4.6 |
| 2024-11-18 | CVE-2020-3539 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. | network, low complexity, CWE-285, 6.3 |
| 2024-11-18 | CVE-2021-1232 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. | network, low complexity, CWE-522, 6.5 |