Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41686 1 Syrotech 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware 2024-11-21 3.3 Low
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.
CVE-2024-41685 1 Syrotech 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware 2024-11-21 7.5 High
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.
CVE-2024-41684 1 Syrotech 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware 2024-11-21 5.3 Medium
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.
CVE-2024-41676 1 Openmage 1 Magento 2024-11-21 4.1 Medium
Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher.
CVE-2024-41672 1 Duckdb 1 Duckdb 2024-11-21 7.5 High
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other similar functions do NOT provide access. There seem to be two vectors to this vulnerability. First, access to files that should otherwise not be allowed. Second, the content from a file can be read (e.g. `/etc/hosts`, `proc/self/environ`, etc) even though that doesn't seem to be the intent of the sniff_csv function. A fix for this issue is available in commit c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a and is expected to be part of version 1.1.0.
CVE-2024-41662 1 Vnote Project 1 Vnote 2024-11-21 8.6 High
VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.
CVE-2024-41629 2 Texas Instruments, Ti 2 Fusion Digital Power Designer, Fusion Digital Power Designer 2024-11-21 6.6 Medium
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials
CVE-2024-41551 1 Campcodes 1 Supplier Management System 2024-11-21 7.3 High
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .
CVE-2024-41473 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 8 High
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac
CVE-2024-41468 2 Tenda, Tendacn 3 Fh1201, Fh1201, Fh1201 Firmware 2024-11-21 9.8 Critical
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand
CVE-2024-41466 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 7.5 High
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.
CVE-2024-41465 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 7.5 High
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm.
CVE-2024-41464 2 Tenda, Tendacn 3 Fh1201, Fh1201, Fh1201 Firmware 2024-11-21 9.8 Critical
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic
CVE-2024-41463 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 4.3 Medium
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat.
CVE-2024-41462 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 4.3 Medium
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
CVE-2024-41461 2 Tenda, Tendacn 3 Fh1201, Fh1201, Fh1201 Firmware 2024-11-21 9.8 Critical
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.
CVE-2024-41460 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 6.5 Medium
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.
CVE-2024-41459 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 8.8 High
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.
CVE-2024-41439 1 Dbohdan 1 Hicolor 2024-11-21 5.5 Medium
A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVE-2024-41319 1 Totolink 2 A6000r, A6000r Firmware 2024-11-21 8.8 High
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.