Total
78100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36131 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-21 | N/A | 8.8 HIGH |
| An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. | |||||
| CVE-2024-40892 | 2024-08-21 | N/A | 7.1 HIGH | ||
| A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely). | |||||
| CVE-2024-42950 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-21 | N/A | 7.5 HIGH |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-43410 | 2024-08-21 | N/A | 7.5 HIGH | ||
| Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. | |||||
| CVE-2024-33656 | 2024-08-21 | N/A | 7.8 HIGH | ||
| The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms | |||||
| CVE-2024-20375 | 2024-08-21 | N/A | 8.6 HIGH | ||
| A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices. | |||||
| CVE-2024-33657 | 2024-08-21 | N/A | 7.8 HIGH | ||
| This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. | |||||
| CVE-2024-40500 | 1 Scilico | 1 I-librarian | 2024-08-21 | N/A | 8.6 HIGH |
| Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. | |||||
| CVE-2024-39690 | 1 Projectcapsule | 1 Capsule | 2024-08-21 | N/A | 8.8 HIGH |
| Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. | |||||
| CVE-2024-7944 | 1 Adonesevangelista | 1 Laravel Property Management System | 2024-08-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42577 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | |||||
| CVE-2024-7841 | 1 Oretnom23 | 1 Clinics Patient Management System | 2024-08-21 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7930 | 1 Oretnom23 | 1 Clinic Patient Management System | 2024-08-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42580 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | |||||
| CVE-2024-42581 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | |||||
| CVE-2024-42582 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | |||||
| CVE-2024-42583 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | |||||
| CVE-2024-42603 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall | |||||
| CVE-2024-42605 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1 | |||||
| CVE-2024-42606 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1 | |||||