| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. During the
processing and parsing of certain fields in XML elements from incoming
network requests, the product does not sufficiently check or validate
allocated buffer size. This may lead to remote code execution.
|
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP CamerasĀ with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While parsing
certain XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
|
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While
processing XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
|
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. |
| This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. |
| OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. |
| A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. |
| Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280. |
| An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. |
| Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component. |
| F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface. |
|
In ProgressĀ® TelerikĀ® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. |
| Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) |
| A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |