Search Results

There are 229,239 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2023-45705

An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.

Published: March 28, 2024; 11:15:45 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30607

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30606

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30592

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30591

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30590

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30589

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30588

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30587

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30586

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30585

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30584

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.

Published: March 28, 2024; 10:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30583

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.

Published: March 28, 2024; 10:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29898

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.

Published: March 28, 2024; 10:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29897

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.

Published: March 28, 2024; 10:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29882

SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name which led to injecting malicious JavaScript payloads and executing XSS (Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.

Published: March 28, 2024; 10:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29200

Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.

Published: March 28, 2024; 10:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28109

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.

Published: March 28, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-6437

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Turk Telekom TP-Link allows OS Command Injection. This issue affects TP-Link: through 2024.03.28.

Published: March 28, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30596

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.

Published: March 28, 2024; 9:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)