Total
54918 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42356 | 1 Shopware | 1 Shopware | 2024-08-12 | 8.3 High |
| Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a helper with a callable function. The function can be called also from Twig and as the second parameter allows any callable, it's possible to call from Twig any statically callable PHP function/method. It's not possible as customer to provide any Twig code, the attacker would require access to Administration to exploit it using Mail templates or using App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. | ||||
| CVE-2024-42357 | 1 Shopware | 1 Shopware | 2024-08-12 | 7.3 High |
| Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable SQL-injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | ||||
| CVE-2024-42010 | 1 Roundcube | 1 Roundcube | 2024-08-12 | 7.5 High |
| mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information. | ||||
| CVE-2024-34623 | 2 Samsung, Samsung Mobile | 2 Notes, Samsung Notes | 2024-08-09 | 7.8 High |
| Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | ||||
| CVE-2024-34622 | 1 Samsung | 1 Notes | 2024-08-09 | 7.8 High |
| Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | ||||
| CVE-2024-32758 | 1 Johnsoncontrols | 2 Exacqvision Client, Exacqvision Server | 2024-08-09 | 7.5 High |
| Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange | ||||
| CVE-2024-7338 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-09 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7336 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2024-08-09 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-40721 | 1 Changingtec | 2 Servisign, Tcb Servisign | 2024-08-09 | 8.8 High |
| The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path. | ||||
| CVE-2024-40720 | 2 Changinginformationtechnology, Changingtec | 2 Tcbservisign, Tcb Servisign | 2024-08-09 | 8.8 High |
| The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands. | ||||
| CVE-2024-7366 | 2 Oretnom23, Sourcecodester | 2 Tracking Monitoring Management System, Tracking Monitoring Management System | 2024-08-09 | 7.3 High |
| A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273345 was assigned to this vulnerability. | ||||
| CVE-2024-7337 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-09 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7335 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2024-08-09 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7334 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-09 | 8.8 High |
| A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7333 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-08-09 | 8.8 High |
| A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-37142 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | 7.3 High |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | ||||
| CVE-2024-32857 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | 7.3 High |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | ||||
| CVE-2024-7582 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 8.8 High |
| A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7583 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-41989 | 2 Djangoproject, Redhat | 2 Django, Ansible Automation Platform | 2024-08-08 | 7.5 High |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | ||||