Total
306917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41206 | 2024-11-15 | N/A | 6.5 MEDIUM | ||
| A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file. | |||||
| CVE-2024-40579 | 2024-11-15 | N/A | 5.4 MEDIUM | ||
| Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter. | |||||
| CVE-2024-21949 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 5.5 MEDIUM |
| Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | |||||
| CVE-2024-21974 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 7.8 HIGH |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | |||||
| CVE-2024-21975 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | N/A | 7.8 HIGH |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | |||||
| CVE-2024-49778 | 2024-11-15 | N/A | 8.8 HIGH | ||
| A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. | |||||
| CVE-2024-49777 | 2024-11-15 | N/A | 8.8 HIGH | ||
| A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file. | |||||
| CVE-2024-49776 | 2024-11-15 | N/A | 6.5 MEDIUM | ||
| A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file. | |||||
| CVE-2024-11065 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
| CVE-2024-11064 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
| CVE-2024-11063 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
| CVE-2024-11062 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
| CVE-2024-47178 | 1 Expressjs | 1 Basic-auth-connect | 2024-11-15 | N/A | 5.3 MEDIUM |
| basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. | |||||
| CVE-2024-47530 | 1 Clinical-genomics | 1 Scout | 2024-11-15 | N/A | 6.1 MEDIUM |
| Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. | |||||
| CVE-2024-47531 | 1 Clinical-genomics | 1 Scout | 2024-11-15 | N/A | 3.5 LOW |
| Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89. | |||||
| CVE-2024-47532 | 1 Zope | 1 Restrictedpython | 2024-11-15 | N/A | 6.5 MEDIUM |
| RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment. | |||||
| CVE-2024-11130 | 1 Zzcms | 1 Zzcms | 2024-11-15 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-52355 | 1 Hyumika | 1 Openstreetmap | 2024-11-15 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS.This issue affects OSM – OpenStreetMap: from n/a through 6.1.2. | |||||
| CVE-2024-52354 | 1 Coolplugins | 1 Web Stories Widgets For Elementor | 2024-11-15 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through 1.1. | |||||
| CVE-2024-52353 | 1 Sharethepractice | 1 Christian Science Bible Lesson Subjects | 2024-11-15 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS.This issue affects Christian Science Bible Lesson Subjects: from n/a through 2.0. | |||||