Search Results
- CVSS Version: 3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-22391 | A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Published: April 25, 2024; 11:16:04 AM -0400 | V3.1: 7.7 HIGH V2.0: (not available) |
CVE-2024-22373 | An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Published: April 25, 2024; 11:16:03 AM -0400 | V3.1: 8.1 HIGH V2.0: (not available) |
CVE-2024-28130 | An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: April 23, 2024; 11:15:49 AM -0400 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2024-3911 | An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. Published: April 23, 2024; 9:15:46 AM -0400 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2024-2760 | Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. Published: April 23, 2024; 12:15:08 AM -0400 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2024-1241 | Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver. Published: April 23, 2024; 12:15:08 AM -0400 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2024-29991 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Published: April 19, 2024; 1:15:54 PM -0400 | V3.1: 5.0 MEDIUM V2.0: (not available) |
CVE-2024-29986 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability. Published: April 18, 2024; 3:15:11 PM -0400 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2024-29003 | The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. Published: April 18, 2024; 6:15:08 AM -0400 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2024-28076 | The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format. Published: April 18, 2024; 5:15:11 AM -0400 | V3.1: 7.0 HIGH V2.0: (not available) |
CVE-2023-45744 | A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Published: April 17, 2024; 9:15:07 AM -0400 | V3.1: 8.3 HIGH V2.0: (not available) |
CVE-2023-45209 | An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Published: April 17, 2024; 9:15:07 AM -0400 | V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2023-43491 | An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Published: April 17, 2024; 9:15:07 AM -0400 | V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2023-40146 | A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. Published: April 17, 2024; 9:15:07 AM -0400 | V3.1: 6.8 MEDIUM V2.0: (not available) |
CVE-2023-39367 | An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: April 17, 2024; 9:15:06 AM -0400 | V3.1: 9.1 CRITICAL V2.0: (not available) |
CVE-2024-3839 | Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) Published: April 17, 2024; 4:15:10 AM -0400 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2024-3838 | Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) Published: April 17, 2024; 4:15:10 AM -0400 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2024-3837 | Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Published: April 17, 2024; 4:15:10 AM -0400 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2024-3834 | Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: April 17, 2024; 4:15:10 AM -0400 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2024-21120 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Published: April 16, 2024; 6:15:34 PM -0400 | V3.1: 5.3 MEDIUM V2.0: (not available) |