Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-49963 |
DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control. Published: April 19, 2024; 1:15:51 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-49502 |
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Published: April 19, 2024; 1:15:51 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-49501 |
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. Published: April 19, 2024; 1:15:51 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-37397 |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672. Published: April 19, 2024; 1:15:51 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-27279 |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. Published: April 19, 2024; 1:15:51 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2022-40745 |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. Published: April 19, 2024; 1:15:51 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32650 |
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32409 |
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32206 |
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31846 |
An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31841 |
An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31587 |
SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29183 |
OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29029 |
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Published: April 19, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27752 |
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function. Published: April 19, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22640 |
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. Published: April 19, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-37396 |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. Published: April 19, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-22869 |
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. Published: April 19, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3684 |
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program. Published: April 19, 2024; 11:15:51 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3646 |
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program. Published: April 19, 2024; 11:15:51 AM -0400 |
V3.x:(not available) V2.0:(not available) |