Total 262286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-7885 1 Redhat 19 Apache Camel Spring Boot, Build Keycloak, Build Of Apache Camel - Hawtio and 16 more 2024-09-09 7.5 High
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
CVE-2024-5971 1 Redhat 12 Apache Camel Spring Boot, Build Keycloak, Camel Spring Boot and 9 more 2024-09-09 7.5 High
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
CVE-2024-8105 2024-09-09 6.4 Medium
A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.
CVE-2024-6925 1 Themetechmount 1 Truebooker-appointment-booking 2024-09-09 4.3 Medium
The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2024-44845 1 Draytek 1 Vigor3900 Firmware 2024-09-09 8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVE-2024-44844 1 Draytek 1 Vigor3900 Firmware 2024-09-09 8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVE-2024-44725 1 Autocms 1 Autocms 2024-09-09 7.2 High
AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php.
CVE-2024-44724 1 Autocms 1 Autocms 2024-09-09 7.2 High
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value.
CVE-2024-44333 1 Dlink 6 Di-7003gv2 Firmware, Di-7100g\+v2 Firmware, Di-7100gv2 Firmware and 3 more 2024-09-09 8.8 High
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp.
CVE-2024-42500 1 Hp 1 Hp-ux 2024-09-09 9.3 Critical
HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.
CVE-2023-52266 1 Hongliuliao 1 Ehttp 2024-09-09 7.5 High
ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.
CVE-2023-51034 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-09-09 9.8 Critical
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
CVE-2023-50578 1 Mingsoft 1 Mcms 2024-09-09 9.8 Critical
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
CVE-2023-49001 1 Indibrowser 1 Indi Browser 2024-09-09 9.8 Critical
An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.
CVE-2023-47104 2 Linux, Vareille 2 Linux Kernel, Tiny File Dialogs 2024-09-09 9.8 Critical
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.
CVE-2023-47101 1 Securepoint 1 Openvpn-client 2024-09-09 7.8 High
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.
CVE-2023-46867 1 Color 1 Demoiccmax 2024-09-09 6.5 Medium
In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.
CVE-2023-46866 1 Color 1 Demoiccmax 2024-09-09 6.5 Medium
In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.
CVE-2023-46502 1 Opencrx 1 Opencrx 2024-09-09 9.8 Critical
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
CVE-2024-8611 1 Itsourcecode 1 Tailoring Management System 2024-09-09 6.3 Medium
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.