Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-38190 | Missing Authorization vulnerability in Microsoft Power Platform Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | 8.6 |
| 2024-10-15 | CVE-2024-38204 | Unspecified vulnerability in Microsoft Azure Functions Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | 6.5 |
| 2024-10-15 | CVE-2024-45085 | Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. | 7.5 |
| 2024-10-15 | CVE-2024-48783 | Unspecified vulnerability in Ruijie Nbr3000D-E Firmware An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. | 7.5 |
| 2024-10-15 | CVE-2024-9486 | Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. | 9.8 |
| 2024-10-15 | CVE-2024-9594 | Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. | 8.1 |
| 2024-10-15 | CVE-2024-9954 | Use After Free vulnerability in Google Chrome Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-10-15 | CVE-2024-9955 | Use After Free vulnerability in Google Chrome Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-10-15 | CVE-2024-9956 | Unspecified vulnerability in Google Chrome Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. | 7.8 |
| 2024-10-15 | CVE-2024-9957 | Use After Free vulnerability in Google Chrome Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. | 8.8 |