Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-11 | CVE-2024-5474 | Incorrect Default Permissions vulnerability in Lenovo Dolby Vision Provisioning A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. | 5.5 |
| 2024-10-11 | CVE-2024-6985 | Relative Path Traversal vulnerability in Lollms A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. | 4.4 |
| 2024-10-11 | CVE-2024-8376 | Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | 7.5 |
| 2024-10-11 | CVE-2024-9046 | Uncontrolled Search Path Element vulnerability in Lenovo Starstudio A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | 7.8 |
| 2024-10-11 | CVE-2024-25622 | Always-Incorrect Control Flow Implementation vulnerability in Dena H2O h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. | 4.3 |
| 2024-10-11 | CVE-2024-45396 | Reachable Assertion vulnerability in Dena Quicly Quicly is an IETF QUIC protocol implementation. | 7.5 |
| 2024-10-11 | CVE-2024-45397 | Authentication Bypass by Spoofing vulnerability in Dena H2O h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. | 7.5 |
| 2024-10-11 | CVE-2024-45402 | Double Free vulnerability in Dena Picotls Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. | 9.8 |
| 2024-10-11 | CVE-2024-45403 | Reachable Assertion vulnerability in Dena H2O h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. | 7.5 |
| 2024-10-11 | CVE-2024-47074 | Deserialization of Untrusted Data vulnerability in Dataease DataEase is an open source data visualization analysis tool. | 9.8 |