Total: 262230 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8227 | 1 Tenda | 2 O1, O1 Firmware | 2024-08-29 | 8.8 High |
A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8228 | 1 Tenda | 2 O5, O5 Firmware | 2024-08-29 | 8.8 High |
A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8229 | 1 Tenda | 2 O6, O6 Firmware | 2024-08-29 | 8.8 High |
A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8230 | 1 Tenda | 2 O6, O6 Firmware | 2024-08-29 | 8.8 High |
A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-42438 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-08-29 | 6.5 Medium |
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | ||||
CVE-2024-42439 | 1 Zoom | 2 Meeting Software Development Kit, Workplace Desktop | 2024-08-29 | 6.5 Medium |
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
CVE-2024-42440 | 1 Zoom | 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more | 2024-08-28 | 6.2 Medium |
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
CVE-2024-42441 | 1 Zoom | 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more | 2024-08-28 | 6.2 Medium |
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
CVE-2023-43612 | 1 Openharmony | 1 Openharmony | 2024-08-28 | 8.4 High |
OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. | ||||
CVE-2023-43078 | 1 Dell | 322 Alienware M15 R6 Firmware, Alienware M15 R7 Firmware, Alienware M16 R1 Firmware and 319 more | 2024-08-28 | 6.7 Medium |
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service. | ||||
CVE-2024-31905 | 1 Ibm | 1 Qradar Network Packet Capture | 2024-08-28 | 5.9 Medium |
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858. | ||||
CVE-2024-7867 | 1 Xpdfreader | 1 Xpdf | 2024-08-28 | 6.2 Medium |
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | ||||
CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-08-28 | 6.2 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 store user credentials in clear text, which can be read by a local user. IBM X-Force ID: 281430. | ||||
CVE-2023-47728 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-08-28 | 4.9 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201. | ||||
CVE-2024-34906 | 1 Dootask | 1 Dootask | 2024-08-28 | 5.4 Medium |
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
CVE-2024-29469 | | | 2024-08-28 | 6.1 Medium |
A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. | ||||
CVE-2024-28434 | | | 2024-08-28 | 7.6 High |
The CRM platform Twenty is vulnerable to stored cross-site scripting via file upload in version 0.3.0. A crafted SVG file can trigger the execution of JavaScript code. | ||||
CVE-2024-28396 | | | 2024-08-28 | 7.5 High |
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. | ||||
CVE-2024-26455 | | | 2024-08-28 | 7.5 High |
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. | ||||
CVE-2024-26445 | | | 2024-08-28 | 6.1 Medium |
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php |