VYPR

CVEs

100,075 total · page 694 of 2,002

  • CVE-2024-34215HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.

  • CVE-2024-34212HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function.

  • CVE-2024-34211HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

  • CVE-2024-34210HigMay 14, 2024
    risk 0.48cvss 7.3epss 0.01

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.

  • CVE-2024-34207HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.

  • CVE-2024-34205HigMay 14, 2024
    risk 0.48cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.

  • CVE-2024-34201HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.01

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.

  • CVE-2024-34200HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.

  • CVE-2024-34199HigMay 14, 2024
    risk 0.00cvss 8.6epss 0.01

    TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.

  • CVE-2024-34196HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the…

  • CVE-2024-34077HigMay 14, 2024
    risk 0.41cvss 7.3epss 0.01

    MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit…

  • CVE-2024-33877HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.

  • CVE-2024-33873HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.

  • CVE-2024-33818HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter.

  • CVE-2024-33250HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request.

  • CVE-2024-32997HigMay 14, 2024
    risk 0.55cvss 8.4epss 0.00

    Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability.

  • CVE-2024-32992HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect availability.

  • CVE-2024-32991HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability.

  • CVE-2024-32739HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.05

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.

  • CVE-2024-32738HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.05

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.

  • CVE-2024-32737HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.05

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.

  • CVE-2024-32736HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.05

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.

  • CVE-2024-32724HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.

  • CVE-2024-32712HigMay 14, 2024
    risk 0.42cvss 7.5epss 0.00

    Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

  • CVE-2024-32655HigMay 14, 2024
    risk 0.46cvss 8.1epss 0.02

    Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths…

  • CVE-2024-32624HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.01

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.

  • CVE-2024-32623HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).

  • CVE-2024-32620HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.

  • CVE-2024-32619HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.

  • CVE-2024-32618HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.

  • CVE-2024-32617HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).

  • CVE-2024-32616HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.

  • CVE-2024-32614HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.

  • CVE-2024-32613HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.

  • CVE-2024-32612HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.

  • CVE-2024-32609HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.

  • CVE-2024-32605HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).

  • CVE-2024-31954HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (An attacker…

  • CVE-2024-31771HigMay 14, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file

  • CVE-2024-31459HigMay 14, 2024
    risk 0.52cvss 8.0epss 0.03

    Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue…

  • CVE-2024-31445HigMay 14, 2024
    risk 0.02cvss 8.8epss 0.26

    Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to…

  • CVE-2024-31441HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in…

  • CVE-2024-30259HigMay 14, 2024
    risk 0.53cvss 8.2epss 0.01

    FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can…

  • CVE-2024-30258HigMay 14, 2024
    risk 0.00cvss 8.2epss 0.01

    FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can…

  • CVE-2024-30172HigMay 14, 2024
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2024-2662HigMay 14, 2024
    risk 0.40cvss 7.2epss 0.02

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom…

  • CVE-2024-2441HigMay 14, 2024
    risk 0.53cvss 8.1epss 0.01

    The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin…

  • CVE-2024-2290HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.01

    The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP…

  • CVE-2024-29857HigMay 14, 2024
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during…

  • CVE-2024-29800HigMay 14, 2024
    risk 0.45cvss 8.0epss 0.00

    Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0.