Search Results
- Results Type: Overview
- Search Type: Search All
- CVSS Version: 3
- CVSS V3 Severity: Critical (9-10)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-2806 | A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: March 22, 2024; 1:15:48 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-1202 | Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported. Published: March 20, 2024; 10:51:38 PM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-2413 | Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality. Published: March 12, 2024; 11:15:06 PM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Published: March 12, 2024; 1:15:49 PM -0400 | V3.1: 9.0 CRITICAL; V2.0: (not available) |
CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Published: March 12, 2024; 1:15:49 PM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-48788 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets. Published: March 12, 2024; 11:15:46 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-42789 | An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. Published: March 12, 2024; 11:15:46 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-36554 | An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. Published: March 12, 2024; 11:15:45 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-28553 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. Published: March 12, 2024; 9:15:49 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-28535 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. Published: March 12, 2024; 9:15:49 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-22039 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes, which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges. Published: March 12, 2024; 7:15:48 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2022-32257 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. Published: March 12, 2024; 7:15:45 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-25995 | An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function. Published: March 12, 2024; 5:15:07 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-21899 | An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. Published: March 08, 2024; 12:15:22 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-7103 | Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024. Published: March 05, 2024; 8:15:06 AM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2024-27198 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible. Published: March 04, 2024; 1:15:09 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-43553 | Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. Published: March 04, 2024; 6:15:14 AM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-43552 | Memory corruption while processing MBSSID beacon containing several subelement IE. Published: March 04, 2024; 6:15:14 AM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-28582 | Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake. Published: March 04, 2024; 6:15:09 AM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-28578 | Memory corruption in Core Services while executing the command for removing a single event listener. Published: March 04, 2024; 6:15:08 AM -0500 | V3.1: 9.3 CRITICAL; V2.0: (not available) |