Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-30607 |
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30606 |
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30592 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30591 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30590 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30589 |
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30588 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30587 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30586 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30585 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30584 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. Published: March 28, 2024; 10:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30583 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. Published: March 28, 2024; 10:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29898 |
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c. Published: March 28, 2024; 10:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29897 |
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. Published: March 28, 2024; 10:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29882 |
SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121. Published: March 28, 2024; 10:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29200 |
Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. Published: March 28, 2024; 10:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28109 |
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2. Published: March 28, 2024; 10:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6437 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Turk Telekom TP-Link allows OS Command Injection.This issue affects TP-Link: through 2024.03.28. Published: March 28, 2024; 10:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30596 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. Published: March 28, 2024; 9:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30594 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. Published: March 28, 2024; 9:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |