Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-4500 |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263104. Published: May 05, 2024; 2:15:27 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34474 |
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM. Published: May 05, 2024; 11:15:49 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4497 |
A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263086 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 05, 2024; 3:15:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4496 |
A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263085 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 05, 2024; 2:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4495 |
A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263084. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 05, 2024; 2:15:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4494 |
A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263083. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 05, 2024; 1:15:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4493 |
A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). Affected is the function formSetAutoPing. The manipulation of the argument ping1/ping2 leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263082 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 04, 2024; 11:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34490 |
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. Published: May 04, 2024; 11:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34489 |
OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via length=0. Published: May 04, 2024; 11:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34488 |
OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0. Published: May 04, 2024; 11:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34487 |
OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0. Published: May 04, 2024; 11:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34486 |
OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. Published: May 04, 2024; 11:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34484 |
OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0. Published: May 04, 2024; 10:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34483 |
OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0. Published: May 04, 2024; 10:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4492 |
A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263081 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 04, 2024; 9:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34478 |
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds. Published: May 04, 2024; 9:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4491 |
A vulnerability classified as critical was found in Tenda i21 1.0.0.14(4656). This vulnerability affects the function formGetDiagnoseInfo. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263080. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 04, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34476 |
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len. Published: May 04, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34475 |
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR. Published: May 04, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34473 |
An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. Published: May 04, 2024; 7:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |