U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 242,739 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2024-40416

A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

Published: July 15, 2024; 2:15:05 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40415

A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

Published: July 15, 2024; 2:15:05 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39827

Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.

Published: July 15, 2024; 2:15:05 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39826

Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.

Published: July 15, 2024; 2:15:05 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39821

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.

Published: July 15, 2024; 2:15:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39820

Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.

Published: July 15, 2024; 2:15:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39819

Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Published: July 15, 2024; 2:15:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37016

Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approach.

Published: July 15, 2024; 2:15:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27241

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Published: July 15, 2024; 2:15:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27240

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Published: July 15, 2024; 2:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27238

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

Published: July 15, 2024; 2:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40414

A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

Published: July 15, 2024; 1:15:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40560

Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability.

Published: July 15, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40555

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability.

Published: July 15, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40554

An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information.

Published: July 15, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40553

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.

Published: July 15, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-6716

A flaw was found in libtiff. This flaw allows an attacker to create a crafted tiff file, forcing libtiff to allocate memory indefinitely. This issue can result in a denial of service of the system consuming libtiff due to memory starvation.

Published: July 15, 2024; 11:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-38496

The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.

Published: July 15, 2024; 11:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-38495

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database.

Published: July 15, 2024; 11:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-6689

Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.

Published: July 15, 2024; 10:15:03 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)