Total: 29062 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-0717 | 1 Dlink | 88 Dap-1360, Dap-1360 Firmware, Dir-1210 and 85 more | 2024-08-01 | 5.3 Medium |
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. | ||||
CVE-2024-0701 | 1 Userproplugin | 1 Userpro | 2024-08-01 | 5.3 Medium |
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator. | ||||
CVE-2024-0396 | 1 Progress | 1 Moveit Transfer | 2024-08-01 | 7.1 High |
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service. | ||||
CVE-2024-0472 | 1 Code-projects | 1 Dormitory Management System | 2024-08-01 | 3.5 Low |
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability. | ||||
CVE-2024-0333 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 5.3 Medium |
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-0219 | 1 Progress | 1 Telerik Justdecompile | 2024-08-01 | 7.8 High |
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | ||||
CVE-2024-0252 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-01 | 8.8 High |
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. | ||||
CVE-2024-0242 | 1 Johnsoncontrols | 4 Qolsys Iq4 Hub, Qolsys Iq4 Hub Firmware, Qolsys Iq Panel 4 and 1 more | 2024-08-01 | 7.3 High |
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | ||||
CVE-2024-0230 | 1 Apple | 2 Magic Keyboard, Magic Keyboard Firmware | 2024-08-01 | 2.4 Low |
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. | ||||
CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2024-08-01 | N/A |
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | ||||
CVE-1999-1302 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2024-08-01 | N/A |
Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access. | ||||
CVE-1999-1043 | 1 Microsoft | 1 Exchange Server | 2024-08-01 | N/A |
Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error). | ||||
CVE-1999-0682 | 1 Microsoft | 1 Exchange Server | 2024-08-01 | N/A |
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. | ||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-08-01 | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||||
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-08-01 | N/A |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | ||||
CVE-1999-0228 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. | ||||
CVE-1999-0144 | 1 Qmail Project | 1 Qmail | 2024-08-01 | N/A |
Denial of service in Qmail by specifying a large number of recipients with the RCPT command. | ||||
CVE-1999-0070 | 1 Apache | 1 Http Server | 2024-08-01 | N/A |
test-cgi program allows an attacker to list files on the server. | ||||
CVE-2018-17793 | | | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | ||||
CVE-2012-2639 | | | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |