Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-11 | CVE-2024-35517 | Command Injection vulnerability in Netgear Xr1000 Firmware 1.0.0.64 Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | 7.2 |
| 2024-10-11 | CVE-2024-35522 | Command Injection vulnerability in Netgear Ex3700 Firmware Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. | 7.2 |
| 2024-10-11 | CVE-2024-48937 | Cross-site Scripting vulnerability in Znuny Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. | 6.1 |
| 2024-10-11 | CVE-2024-48938 | Unspecified vulnerability in Znuny Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. | 7.5 |
| 2024-10-11 | CVE-2024-47331 | SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7. | 9.8 |
| 2024-10-11 | CVE-2024-44157 | Out-of-bounds Write vulnerability in Apple TV and Itunes A stack buffer overflow was addressed through improved input validation. | 5.5 |
| 2024-10-11 | CVE-2024-9539 | Unspecified vulnerability in Github Enterprise Server An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. | 4.3 |
| 2024-10-11 | CVE-2024-47877 | Unspecified vulnerability in Codeclysm Extract Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. | 7.5 |
| 2024-10-11 | CVE-2024-9859 | Type Confusion vulnerability in Google Chrome Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
| 2024-10-11 | CVE-2024-33578 | A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. local low complexity | 7.8 |