Total: 17637 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8956 | 1 Ptzoptics | 4 Pt30x-ndi-xx-g2, Pt30x-ndi-xx-g2 Firmware, Pt30x-sdi and 1 more | 2024-11-05 | 9.1 Critical |
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote, unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file. | ||||
CVE-2023-46846 | 2 Redhat, Squid-cache | 12 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 9 more | 2024-11-04 | 9.3 Critical |
SQUID is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | ||||
CVE-2023-3490 | 1 Fossbilling | 1 Fossbilling | 2024-11-04 | 9.8 Critical |
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. | ||||
CVE-2024-50523 | 1 Rainbowlink | 1 All Post Contact Form | 2024-11-04 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server. This issue affects All Post Contact Form: from n/a through 1.7.3. | ||||
CVE-2024-50527 | 1 Stacks | 1 Stacks Mobile App Builder | 2024-11-04 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | ||||
CVE-2024-50529 | 1 Rudra Innovative Software | 1 Training Courses | 2024-11-04 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server. This issue affects Training – Courses: from n/a through 2.0.1. | ||||
CVE-2024-50530 | 1 Myriad Solutionz | 1 Stars Smtp Mailer | 2024-11-04 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server. This issue affects Stars SMTP Mailer: from n/a through 1.7. | ||||
CVE-2024-50531 | 1 Davidfcarr | 1 Rsvpmarker | 2024-11-04 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server. This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4. | ||||
CVE-2024-50526 | 1 Mahlamusa | 1 Multi Purpose Mail Form | 2024-11-04 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server. This issue affects Multi Purpose Mail Form: from n/a through 1.0.2. | ||||
CVE-2024-50525 | 1 Helloprint | 1 Helloprint | 2024-11-04 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server. This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2. | ||||
CVE-2024-51661 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-04 | 9.1 Critical |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection. This issue affects Media Library Assistant: from n/a through 3.19. | ||||
CVE-2014-9852 | 3 Imagemagick, Opensuse, Suse | 7 Imagemagick, Leap, Opensuse and 4 more | 2024-11-04 | 9.8 Critical |
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. | ||||
CVE-2016-10144 | 1 Imagemagick | 1 Imagemagick | 2024-11-04 | 9.8 Critical |
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | ||||
CVE-2016-10145 | 1 Imagemagick | 1 Imagemagick | 2024-11-04 | 9.8 Critical |
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | ||||
CVE-2024-28288 | 1 Ruijie | 1 Rg-nbr700gw Firmware | 2024-11-04 | 9.8 Critical |
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise. | ||||
CVE-2023-30151 | 1 Prestashop | 1 Prestashop | 2024-11-04 | 9.8 Critical |
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | ||||
CVE-2023-52832 | 1 Redhat | 1 Enterprise Linux | 2024-11-04 | 9.1 Critical |
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/0xd0 __ubsan_handle_mul_overflow+0xe/0x10 nl80211_send_iface+0x688/0x6b0 [cfg80211] [...] cfg80211_register_wdev+0x78/0xb0 [cfg80211] cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211] [...] ieee80211_if_add+0x60e/0x8f0 [mac80211] ieee80211_register_hw+0xda5/0x1170 [mac80211] In this case, simply return an error instead, to indicate that no data is available. | ||||
CVE-2023-52814 | 1 Linux | 1 Linux Kernel | 2024-11-04 | 9.1 Critical |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer dereference. The amdgpu_ras_get_context may return NULL if the device does not support the ras feature, so add a check before using it. | ||||
CVE-2023-52801 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-04 | 9.1 Critical |
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF. | ||||
CVE-2023-52735 | 2 Linux, Redhat | 2 Linux Kernel, Rhel Eus | 2024-11-04 | 9.1 Critical |
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/ |