Total
277606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42979 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-16 | 6.5 Medium |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-42983 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-16 | 6.5 Medium |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-42984 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-16 | 6.5 Medium |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-6134 | 1 Wp Easycart | 1 Shopping Cart And Ecommerce Store | 2024-08-16 | 5.4 Medium |
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin. | ||||
CVE-2024-42985 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-16 | 6.5 Medium |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-42976 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-16 | 6.5 Medium |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-42955 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-16 | 6.5 Medium |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-42946 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-16 | 6.5 Medium |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-43045 | 1 Jenkins | 1 Jenkins | 2024-08-16 | 6.3 Medium |
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". | ||||
CVE-2024-43044 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2024-08-16 | 8.8 High |
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. | ||||
CVE-2023-49144 | | | 2024-08-16 | 6.7 Medium |
Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access. | ||||
CVE-2024-42461 | 2 Elliptic Project, Redhat | 4 Elliptic, Acm, Multicluster Engine and 1 more | 2024-08-16 | 5.3 Medium |
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. | ||||
CVE-2024-41962 | 1 Yonle | 1 Bostr | 2024-08-16 | 4.6 Medium |
Bostr is a nostr relay aggregator proxy that acts like a regular nostr relay. Bostr lets everyone in, even with authorized_keys set, when noscraper is set to true. This vulnerability is fixed in 3.0.10. | ||||
CVE-2024-42480 | 1 Clastix | 1 Kamaji | 2024-08-16 | 8.1 High |
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2. | ||||
CVE-2024-41264 | 1 Casbin | 1 Casdoor | 2024-08-16 | 7.5 High |
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method. | ||||
CVE-2024-7729 | 1 Cayintech | 15 Cms-20, Cms-60, Cms-se and 12 more | 2024-08-16 | 7.5 High |
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. | ||||
CVE-2024-6990 | 1 Google | 1 Chrome | 2024-08-16 | 8.8 High |
Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | ||||
CVE-2024-28986 | 1 Solarwinds | 2 Web Help Desk, Webhelpdesk | 2024-08-16 | 9.8 Critical |
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. | ||||
CVE-2024-42982 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-16 | 5.3 Medium |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-6347 | 1 Nissan-global | 2 Altima, Blind Spot Detection Sensor Ecu Firmware | 2024-08-16 | 6.5 Medium |
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. |