Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-24577 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in versions 1.6.5 and 1.7.2. Published: February 06, 2024; 5:16:15 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24575 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2. Published: February 06, 2024; 5:16:15 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-24254 | PX4 Autopilot 1.14 and earlier, due to the lack of a synchronization mechanism for loading geofence data, has a Race Condition vulnerability in geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes. Published: February 06, 2024; 5:16:15 PM -0500 | V4.0:(not available) V3.1: 4.2 MEDIUM V2.0:(not available) |
CVE-2024-22520 | An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. Published: February 06, 2024; 5:16:14 PM -0500 | V4.0:(not available) V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2024-22519 | An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. Published: February 06, 2024; 5:16:14 PM -0500 | V4.0:(not available) V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2024-1261 | A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. Published: February 06, 2024; 5:16:14 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-1260 | A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. Published: February 06, 2024; 5:16:14 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-45735 | A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. Published: February 06, 2024; 5:16:14 PM -0500 | V4.0:(not available) V3.1: 8.0 HIGH V2.0:(not available) |
CVE-2023-45227 | An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. Published: February 06, 2024; 5:16:14 PM -0500 | V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-45222 | An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. Published: February 06, 2024; 5:16:13 PM -0500 | V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-45213 | A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. Published: February 06, 2024; 5:16:13 PM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-42765 | An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. Published: February 06, 2024; 5:16:13 PM -0500 | V4.0:(not available) V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2023-40544 | An attacker with access to the network where the affected devices are located could take malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. Published: February 06, 2024; 5:16:13 PM -0500 | V4.0:(not available) V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2023-40143 | An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. Published: February 06, 2024; 5:16:13 PM -0500 | V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-38579 | The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. Published: February 06, 2024; 5:16:12 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-22515 | Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. Published: February 06, 2024; 4:15:09 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-22514 | An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Published: February 06, 2024; 4:15:09 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-1259 | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability. Published: February 06, 2024; 4:15:08 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-1258 | A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability. Published: February 06, 2024; 4:15:08 PM -0500 | V4.0:(not available) V3.1: 5.9 MEDIUM V2.0:(not available) |
CVE-2024-22241 | Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account. Published: February 06, 2024; 3:16:04 PM -0500 | V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |