Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-0216 |
The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Published: April 29, 2024; 10:15:06 PM -0400 |
V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-4327 |
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.9 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-262419. NOTE: The vendor was contacted early about this disclosure and explains that the documentation recommends a strict Content Security Policy and the issue was fixed in release 10.9. Published: April 29, 2024; 9:15:46 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34050 |
Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34049 |
Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34048 |
O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34047 |
O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34046 |
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34045 |
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34044 |
The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34043 |
O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-52728 |
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-52727 |
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-52726 |
Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream). Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-52725 |
Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-52724 |
Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function. Published: April 29, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33522 |
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. Published: April 29, 2024; 7:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33401 |
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. Published: April 29, 2024; 6:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-50434 |
emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected. Published: April 29, 2024; 6:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-50433 |
marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash. Published: April 29, 2024; 6:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-50432 |
simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to dereference a NULL pointer. Published: April 29, 2024; 6:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |