Total
271669 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49999 | 1 Tenda | 2 W30e, W30e Firmware | 2024-11-26 | 9.8 Critical |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. | ||||
| CVE-2024-34435 | 1 Coderevolution | 1 Aiomatic | 2024-11-26 | 4.3 Medium |
| Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3. | ||||
| CVE-2024-11663 | 1 Codezips | 1 Ecommerce Site | 2024-11-26 | 7.3 High |
| A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52899 | 1 Ibm | 1 Data Virtualization Manager For Z-os | 2024-11-26 | 8.5 High |
| IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. | ||||
| CVE-2023-33411 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-26 | 7.5 High |
| A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | ||||
| CVE-2024-11664 | 1 Enms | 1 Enms | 2024-11-26 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-11677 | 1 Codeastro | 1 Hospital Management System | 2024-11-26 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11678 | 1 Codeastro | 1 Hospital Management System | 2024-11-26 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-41171 | 1 Netscout | 1 Ngeniusone | 2024-11-26 | 5.4 Medium |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). | ||||
| CVE-2024-11657 | 1 Engenius | 3 Enh1350ext, Ens500-ac, Ens620ext | 2024-11-26 | 4.7 Medium |
| A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Affected is an unknown function of the file /admin/network/diag_nslookup. The manipulation of the argument diag_nslookup leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-49462 | 1 Struktur | 1 Libheif | 2024-11-26 | 8.8 High |
| libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. | ||||
| CVE-2023-50444 | 1 Primx | 3 Zed\!, Zedmail, Zonecentral | 2024-11-26 | 7.5 High |
| By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. | ||||
| CVE-2023-41621 | 1 Emlog | 1 Emlog | 2024-11-26 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. | ||||
| CVE-2024-11673 | 1 1000projects | 1 Bookstore Management System | 2024-11-26 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9929 | 2024-11-26 | 4.3 Medium | ||
| A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. | ||||
| CVE-2024-9112 | 1 Faststone | 1 Image Viewer | 2024-11-26 | N/A |
| FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25102. | ||||
| CVE-2024-9113 | 1 Faststone | 1 Image Viewer | 2024-11-26 | N/A |
| FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25140. | ||||
| CVE-2024-0019 | 1 Google | 1 Android | 2024-11-26 | 5.0 Medium |
| In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-41618 | 1 Emlog | 1 Emlog | 2024-11-26 | 6.1 Medium |
| Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. | ||||
| CVE-2024-0053 | 1 Google | 1 Android | 2024-11-26 | 3.3 Low |
| In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||