Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-30595 |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. Published: March 28, 2024; 8:15:53 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30422 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1. Published: March 28, 2024; 5:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30421 |
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1. Published: March 28, 2024; 5:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2818 |
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels. Published: March 28, 2024; 4:15:26 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6371 |
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. Published: March 28, 2024; 4:15:26 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-52628 |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961). Published: March 28, 2024; 4:15:25 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2890 |
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12. Published: March 28, 2024; 3:16:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29241 |
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. Published: March 28, 2024; 3:16:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29240 |
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. Published: March 28, 2024; 3:16:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29239 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29238 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29237 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29236 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29235 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29234 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29233 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29232 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:05 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29231 |
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. Published: March 28, 2024; 3:16:04 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29230 |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:03 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29229 |
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. Published: March 28, 2024; 3:16:02 AM -0400 |
V3.x:(not available) V2.0:(not available) |