Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-33601 |
nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Published: May 06, 2024; 4:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33600 |
nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Published: May 06, 2024; 4:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33599 |
nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Published: May 06, 2024; 4:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33576 |
Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10. Published: May 06, 2024; 4:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33570 |
Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3. Published: May 06, 2024; 4:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33121 |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. Published: May 06, 2024; 4:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33118 |
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. Published: May 06, 2024; 4:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33117 |
crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Published: May 06, 2024; 4:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3661 |
By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks. Published: May 06, 2024; 3:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34412 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34390 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34389 |
Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34387 |
Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34386 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34381 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34380 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34379 |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34378 |
Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34377 |
Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34376 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9. Published: May 06, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |