Total
79708 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-42631 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. | |||||
CVE-2024-42627 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. | |||||
CVE-2024-42737 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-42625 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add | |||||
CVE-2024-42747 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-42741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-27442 | 1 Zimbra | 1 Collaboration | 2024-08-13 | N/A | 7.8 HIGH |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. | |||||
CVE-2024-42745 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-42748 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
CVE-2024-42629 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. | |||||
CVE-2024-42632 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. | |||||
CVE-2024-42630 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | |||||
CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. | |||||
CVE-2024-7399 | 1 Samsung | 1 Magicinfo 9 Server | 2024-08-13 | N/A | 7.5 HIGH |
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. | |||||
CVE-2024-37129 | 1 Dell | 1 Inventory Collector | 2024-08-13 | N/A | 7.8 HIGH |
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. | |||||
CVE-2022-4002 | 1 Motorola | 2 Q14, Q14 Firmware | 2024-08-13 | N/A | 7.2 HIGH |
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. | |||||
CVE-2024-7272 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-13 | 7.5 HIGH | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | N/A | 7.8 HIGH |
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | |||||
CVE-2019-6198 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | N/A | 7.8 HIGH |
A vulnerability was reported in Lenovo PC Manager prior to versionĀ 2.8.90.11211 that could allow a local attacker to escalate privileges. | |||||
CVE-2019-6197 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | N/A | 7.8 HIGH |
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. |