Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-32482 | The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available. Published: April 23, 2024; 2:15:14 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31208 | Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API. Published: April 23, 2024; 2:15:14 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-21979 | An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. Published: April 23, 2024; 1:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-21972 | An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. Published: April 23, 2024; 1:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32258 | The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM. Published: April 23, 2024; 12:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33217 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. Published: April 23, 2024; 11:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33215 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. Published: April 23, 2024; 11:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33214 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. Published: April 23, 2024; 11:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33213 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Published: April 23, 2024; 11:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33212 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. Published: April 23, 2024; 11:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33211 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. Published: April 23, 2024; 11:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32679 | Missing Authorization vulnerability in Shared Files PRO Shared Files. This issue affects Shared Files: from n/a through 1.7.16. Published: April 23, 2024; 11:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31804 | An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. Published: April 23, 2024; 11:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28130 | An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: April 23, 2024; 11:15:49 AM -0400 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-2477 | The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 23, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28627 | An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. Published: April 23, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3911 | An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. Published: April 23, 2024; 9:15:46 AM -0400 | V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-30800 | PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. Published: April 23, 2024; 9:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-26922 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Published: April 23, 2024; 9:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-47731 | IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. Published: April 23, 2024; 9:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |