Total 17637 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8956 1 Ptzoptics 4 Pt30x-ndi-xx-g2, Pt30x-ndi-xx-g2 Firmware, Pt30x-sdi and 1 more 2024-11-05 9.1 Critical
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
CVE-2023-46846 2 Redhat, Squid-cache 12 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 9 more 2024-11-04 9.3 Critical
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
CVE-2023-3490 1 Fossbilling 1 Fossbilling 2024-11-04 9.8 Critical
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2024-50523 1 Rainbowlink 1 All Post Contact Form 2024-11-04 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through 1.7.3.
CVE-2024-50527 1 Stacks 1 Stacks Mobile App Builder 2024-11-04 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
CVE-2024-50529 1 Rudra Innovative Software 1 Training Courses 2024-11-04 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1.
CVE-2024-50530 1 Myriad Solutionz 1 Stars Smtp Mailer 2024-11-04 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.7.
CVE-2024-50531 1 Davidfcarr 1 Rsvpmarker 2024-11-04 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.
CVE-2024-50526 1 Mahlamusa 1 Multi Purpose Mail Form 2024-11-04 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.
CVE-2024-50525 1 Helloprint 1 Helloprint 2024-11-04 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server.This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2.
CVE-2024-51661 1 Davidlingren 1 Media Library Assistant 2024-11-04 9.1 Critical
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19.
CVE-2014-9852 3 Imagemagick, Opensuse, Suse 7 Imagemagick, Leap, Opensuse and 4 more 2024-11-04 9.8 Critical
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
CVE-2016-10144 1 Imagemagick 1 Imagemagick 2024-11-04 9.8 Critical
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
CVE-2016-10145 1 Imagemagick 1 Imagemagick 2024-11-04 9.8 Critical
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
CVE-2024-28288 1 Ruijie 1 Rg-nbr700gw Firmware 2024-11-04 9.8 Critical
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.
CVE-2023-30151 1 Prestashop 1 Prestashop 2024-11-04 9.8 Critical
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.
CVE-2023-52832 1 Redhat 1 Enterprise Linux 2024-11-04 9.1 Critical
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/0xd0 __ubsan_handle_mul_overflow+0xe/0x10 nl80211_send_iface+0x688/0x6b0 [cfg80211] [...] cfg80211_register_wdev+0x78/0xb0 [cfg80211] cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211] [...] ieee80211_if_add+0x60e/0x8f0 [mac80211] ieee80211_register_hw+0xda5/0x1170 [mac80211] In this case, simply return an error instead, to indicate that no data is available.
CVE-2023-52814 1 Linux 1 Linux Kernel 2024-11-04 9.1 Critical
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, so add check before using.
CVE-2023-52801 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-04 9.1 Critical
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.
CVE-2023-52735 2 Linux, Redhat 2 Linux Kernel, Rhel Eus 2024-11-04 9.1 Critical
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/