Total 262230 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8227 1 Tenda 2 O1, O1 Firmware 2024-08-29 8.8 High
A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8228 1 Tenda 2 O5, O5 Firmware 2024-08-29 8.8 High
A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8229 1 Tenda 2 O6, O6 Firmware 2024-08-29 8.8 High
A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8230 1 Tenda 2 O6, O6 Firmware 2024-08-29 8.8 High
A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42438 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2024-08-29 6.5 Medium
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-42439 1 Zoom 2 Meeting Software Development Kit, Workplace Desktop 2024-08-29 6.5 Medium
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-42440 1 Zoom 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more 2024-08-28 6.2 Medium
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-42441 1 Zoom 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more 2024-08-28 6.2 Medium
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2023-43612 1 Openharmony 1 Openharmony 2024-08-28 8.4 High
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.
CVE-2023-43078 1 Dell 322 Alienware M15 R6 Firmware, Alienware M15 R7 Firmware, Alienware M16 R1 Firmware and 319 more 2024-08-28 6.7 Medium
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
CVE-2024-31905 1 Ibm 1 Qradar Network Packet Capture 2024-08-28 5.9 Medium
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.
CVE-2024-7867 1 Xpdfreader 1 Xpdf 2024-08-28 6.2 Medium
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
CVE-2024-25024 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-08-28 6.2 Medium
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.
CVE-2023-47728 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-08-28 4.9 Medium
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201.
CVE-2024-34906 1 Dootask 1 Dootask 2024-08-28 5.4 Medium
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2024-29469 2024-08-28 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.
CVE-2024-28434 2024-08-28 7.6 High
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.
CVE-2024-28396 2024-08-28 7.5 High
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
CVE-2024-26455 2024-08-28 7.5 High
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
CVE-2024-26445 2024-08-28 6.1 Medium
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php