U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,215 matching records.
Displaying matches 721 through 740.
Vuln ID Summary CVSS Severity
CVE-2024-2856

A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 24, 2024; 3:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-2855

A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 24, 2024; 2:15:11 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-2854

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 24, 2024; 2:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-2853

A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 24, 2024; 1:15:10 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-2852

A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 24, 2024; 1:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-2851

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 23, 2024; 11:15:09 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-2850

A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 23, 2024; 10:15:07 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-30161

In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer.

Published: March 23, 2024; 9:15:45 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30156

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

Published: March 23, 2024; 9:15:45 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-36827

The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.

Published: March 23, 2024; 9:15:45 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2018-25100

The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.

Published: March 23, 2024; 9:15:45 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

Published: March 23, 2024; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-23755

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.

Published: March 23, 2024; 6:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-1603

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

Published: March 23, 2024; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2849

A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.

Published: March 23, 2024; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24840

Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.

Published: March 23, 2024; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24835

Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.

Published: March 23, 2024; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24832

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.

Published: March 23, 2024; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33633

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1.

Published: March 23, 2024; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2832

A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752.

Published: March 23, 2024; 2:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)