Total
78226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43955 | 1 Themeum | 1 Droip | 2024-08-30 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1. | |||||
| CVE-2024-44070 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-08-30 | N/A | 7.5 HIGH |
| An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. | |||||
| CVE-2024-45436 | 1 Ollama | 1 Ollama | 2024-08-30 | N/A | 7.5 HIGH |
| extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. | |||||
| CVE-2024-41236 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-30 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page | |||||
| CVE-2024-42793 | 1 Lopalopa | 1 Music Management System | 2024-08-30 | N/A | 8.0 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. | |||||
| CVE-2024-8193 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7607 | 1 Etoilewebdesign | 1 Front End Users | 2024-08-30 | N/A | 8.8 HIGH |
| The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-42851 | 1 Aertherwide | 1 Exiftags | 2024-08-30 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. | |||||
| CVE-2024-8297 | 1 Kitsada8621 | 1 Digital Library Management System | 2024-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-45264 | 1 Skyss | 1 Arfa-cms | 2024-08-30 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges. | |||||
| CVE-2024-44340 | 1 Dlink | 2 Dir-846w, Dir-846w Firmware | 2024-08-30 | N/A | 8.8 HIGH |
| D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. | |||||
| CVE-2024-5651 | 2024-08-30 | N/A | 8.8 HIGH | ||
| A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges. | |||||
| CVE-2024-6632 | 1 Fortra | 1 Filecatalyst Workflow | 2024-08-30 | N/A | 7.2 HIGH |
| A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability. | |||||
| CVE-2024-8182 | 1 Flowiseai | 1 Flowise | 2024-08-30 | N/A | 7.5 HIGH |
| An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint. | |||||
| CVE-2024-7538 | 1 Ofono Project | 1 Ofono | 2024-08-29 | N/A | 7.8 HIGH |
| oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23190. | |||||
| CVE-2024-7539 | 1 Ofono Project | 1 Ofono | 2024-08-29 | N/A | 7.8 HIGH |
| oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195. | |||||
| CVE-2024-7546 | 1 Ofono Project | 1 Ofono | 2024-08-29 | N/A | 7.8 HIGH |
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459. | |||||
| CVE-2024-6203 | 1 Haloservicesolutions | 1 Haloitsm | 2024-08-29 | N/A | 8.1 HIGH |
| HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | |||||
| CVE-2024-43140 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2024-08-29 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4. | |||||
| CVE-2024-3035 | 1 Gitlab | 1 Gitlab | 2024-08-29 | N/A | 8.1 HIGH |
| A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | |||||