ID | CVSS | Summary | Last (major) update | Published
CVE-2024-27439 | None | An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does | 19-03-2024 - 11:15 | 19-03-2024 - 11:15
CVE-2024-24683 | None | Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineS | 19-03-2024 - 09:15 | 19-03-2024 - 09:15
CVE-2024-22453 | None | Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory. | 19-03-2024 - 08:15 | 19-03-2024 - 08:15
CVE-2024-25942 | None | Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | 19-03-2024 - 08:15 | 19-03-2024 - 08:15
CVE-2023-42790 | None | A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows att | 19-03-2024 - 08:15 | 12-03-2024 - 15:15
CVE-2023-48788 | None | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially | 19-03-2024 - 08:15 | 12-03-2024 - 15:15
CVE-2024-0054 | None | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AX | 19-03-2024 - 07:15 | 19-03-2024 - 07:15
CVE-2024-0055 | None | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the | 19-03-2024 - 07:15 | 19-03-2024 - 07:15
CVE-2024-24042 | None | Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. | 19-03-2024 - 07:15 | 19-03-2024 - 07:15
CVE-2024-24043 | None | Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file. | 19-03-2024 - 07:15 | 19-03-2024 - 07:15
CVE-2024-26369 | None | An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data. | 19-03-2024 - 06:15 | 19-03-2024 - 06:15
CVE-2024-28446 | None | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via the lan_netmask parameter at /apply.cgi. | 19-03-2024 - 06:15 | 19-03-2024 - 06:15
CVE-2024-28447 | None | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via the lan_ipaddr parameter at /apply.cgi. | 19-03-2024 - 06:15 | 19-03-2024 - 06:15
CVE-2024-21503 | None | Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious | 19-03-2024 - 05:15 | 19-03-2024 - 05:15
CVE-2024-21504 | None | Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a mali | 19-03-2024 - 05:15 | 19-03-2024 - 05:15
CVE-2024-22017 | None | setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vuln | 19-03-2024 - 05:15 | 19-03-2024 - 05:15
CVE-2024-22025 | None | A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch( | 19-03-2024 - 05:15 | 19-03-2024 - 05:15
CVE-2024-0646 | None | An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in how a user calls the splice function with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate thei | 19-03-2024 - 05:15 | 17-01-2024 - 16:15
CVE-2023-7192 | None | A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount | 19-03-2024 - 05:15 | 02-01-2024 - 19:15
CVE-2023-4459 | None | A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of | 19-03-2024 - 05:15 | 21-08-2023 - 19:15
CVE-2024-2604 | None | A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The | 19-03-2024 - 04:15 | 18-03-2024 - 21:15
CVE-2024-28757 | None | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | 19-03-2024 - 03:15 | 10-03-2024 - 05:15
CVE-2023-47995 | None | Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. | 19-03-2024 - 03:15 | 09-01-2024 - 23:15
CVE-2023-47997 | None | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. | 19-03-2024 - 03:15 | 10-01-2024 - 00:15
CVE-2024-2622 | None | A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/e | 19-03-2024 - 02:15 | 19-03-2024 - 02:15
CVE-2023-40275 | None | An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15
CVE-2023-40276 | None | An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15
CVE-2023-40277 | None | An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15
CVE-2023-40280 | None | An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15
CVE-2024-2620 | None | A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation | 19-03-2024 - 01:15 | 19-03-2024 - 01:15
CVE-2024-2621 | None | A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of th | 19-03-2024 - 01:15 | 19-03-2024 - 01:15
CVE-2024-23225 | None | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protectio | 19-03-2024 - 01:00 | 05-03-2024 - 20:16
CVE-2024-23296 | None | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report | 19-03-2024 - 01:00 | 05-03-2024 - 20:16
CVE-2024-24578 | None | RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains an unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2024-28237 | None | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a w | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2024-28248 | None | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope o | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2024-28249 | None | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a no | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2024-28250 | None | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, Wireguard-e | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2024-28855 | None | ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to an improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2 | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2024-28864 | None | SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occu | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2024-28865 | None | django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this i | 18-03-2024 - 22:15 | 18-03-2024 - 22:15
CVE-2023-49298 | None | OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: t | 18-03-2024 - 22:15 | 24-11-2023 - 19:15
CVE-2023-6710 | None | A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias | 18-03-2024 - 22:15 | 12-12-2023 - 22:15
CVE-2013-20001 | 5.0 | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the config | 18-03-2024 - 22:15 | 12-02-2021 - 20:15
CVE-2024-22412 | None | ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access co | 18-03-2024 - 21:15 | 18-03-2024 - 21:15
CVE-2024-23333 | None | LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cau | 18-03-2024 - 21:15 | 18-03-2024 - 21:15
CVE-2024-25654 | None | Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data st | 18-03-2024 - 20:15 | 18-03-2024 - 20:15
CVE-2024-25655 | None | Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successful | 18-03-2024 - 20:15 | 18-03-2024 - 20:15
CVE-2024-25656 | None | Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead | 18-03-2024 - 20:15 | 18-03-2024 - 20:15
CVE-2024-25657 | None | An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. | 18-03-2024 - 20:15 | 18-03-2024 - 20:15
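Worked example for CVE-2024-27439 in the list above, added here and not taken from Apache Wicket: a Fetch Metadata (Sec-Fetch-Site / Sec-Fetch-Mode / Sec-Fetch-Dest) resource-isolation check as a practitioner would write it in Go, exercised against constructed requests. The endpoint path, the helper names and the Decision type are assumptions for the illustration; the page does not say what Wicket's evaluation error was. The case such a check must get right for CSRF is the cross-site HTML form POST: browsers send it with Sec-Fetch-Mode: navigate, exactly like a harmless link click, so an evaluation that allows "navigate" without also requiring GET lets the classic CSRF request through.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Decision is the outcome of the Fetch Metadata check (type assumed for this example).
type Decision int

const (
	Deny    Decision = iota
	Allow
	Unknown // no Sec-Fetch-Site header: decide with Origin/Referer or a token instead
)

func (d Decision) String() string {
	switch d {
	case Allow:
		return "allow"
	case Unknown:
		return "unknown"
	default:
		return "deny"
	}
}

// fetchMetadataDecision applies the generic resource-isolation policy built on
// the Sec-Fetch-* request headers (illustration, not Apache Wicket's code):
//   - same-origin, same-site, none (typed URL, bookmark): allow.
//   - cross-site: allow only a GET top-level navigation that is not an
//     <object>/<embed> load. A cross-site HTML form POST also arrives with
//     Sec-Fetch-Mode: navigate, so checking the mode without the method
//     would let exactly the CSRF request through.
//   - header absent: older browser or plain-HTTP origin; do not treat as
//     safe, hand the request to the legacy check.
//   - any other value: fail closed.
func fetchMetadataDecision(r *http.Request) Decision {
	switch r.Header.Get("Sec-Fetch-Site") {
	case "":
		return Unknown
	case "same-origin", "same-site", "none":
		return Allow
	case "cross-site":
		mode := r.Header.Get("Sec-Fetch-Mode")
		dest := r.Header.Get("Sec-Fetch-Dest")
		if mode == "navigate" && r.Method == http.MethodGet && dest != "object" && dest != "embed" {
			return Allow
		}
		return Deny
	default:
		return Deny
	}
}

// newRequest builds a request to a hypothetical state-changing endpoint with
// the given Fetch Metadata headers (empty string = header not sent).
func newRequest(method, site, mode, dest string) *http.Request {
	r := httptest.NewRequest(method, "https://app.example/account/transfer", nil)
	for k, v := range map[string]string{
		"Sec-Fetch-Site": site,
		"Sec-Fetch-Mode": mode,
		"Sec-Fetch-Dest": dest,
	} {
		if v != "" {
			r.Header.Set(k, v)
		}
	}
	return r
}

func main() {
	// Constructed requests covering the cases the policy has to separate.
	for _, c := range []struct {
		label string
		req   *http.Request
	}{
		{"same-origin XHR POST", newRequest("POST", "same-origin", "cors", "empty")},
		{"cross-site link click (GET)", newRequest("GET", "cross-site", "navigate", "document")},
		{"cross-site form POST (classic CSRF)", newRequest("POST", "cross-site", "navigate", "document")},
		{"cross-site fetch() POST", newRequest("POST", "cross-site", "cors", "empty")},
		{"cross-site <img> GET", newRequest("GET", "cross-site", "no-cors", "image")},
		{"browser without Fetch Metadata", newRequest("POST", "", "", "")},
	} {
		fmt.Printf("%-38s -> %s\n", c.label, fetchMetadataDecision(c.req))
	}
}
```

Browsers send the Sec-Fetch-* headers only to potentially trustworthy origins (HTTPS, localhost) and only in recent versions, so the Unknown branch is a real path: a server that treats a missing header as same-origin has no CSRF protection at all for those clients and must fall back to an Origin/Referer comparison or a synchronizer token there.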
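Worked example for CVE-2024-28855 in the list above, added here and not ZITADEL's code: the same one-line login template rendered once with Go's text/template and once with html/template, fed a constructed attribute-breaking payload. The template string, the loginName parameter and the function names are assumptions for the illustration. text/template performs string substitution with no notion of HTML; html/template parses the surrounding markup and escapes each {{...}} for the context it lands in, here a double-quoted attribute value.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// loginPage stands in for a login template that echoes a request parameter
// (a pre-filled login name) back into an attribute. It is constructed for
// this example and is not ZITADEL's template.
const loginPage = `<form method="post"><input name="loginName" value="{{.LoginName}}"></form>`

type loginParams struct {
	LoginName string
}

// renderText renders with text/template. text/template knows nothing about
// HTML, so the parameter is inserted verbatim: this is the pattern behind
// CVE-2024-28855.
func renderText(loginName string) (string, error) {
	t, err := texttemplate.New("login").Parse(loginPage)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, loginParams{LoginName: loginName}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderHTML renders the same template with html/template, which parses the
// surrounding markup and picks an escaper for each {{...}} from its context;
// inside a quoted attribute it escapes the quote, angle brackets and ampersand.
func renderHTML(loginName string) (string, error) {
	t, err := htmltemplate.New("login").Parse(loginPage)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, loginParams{LoginName: loginName}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed payload: closes the value attribute and the input tag, then injects a script.
	payload := `"><script>alert(1)</script>`
	for name, render := range map[string]func(string) (string, error){
		"text/template": renderText,
		"html/template": renderHTML,
	} {
		out, err := render(payload)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-14s %s\n", name+":", out)
	}
}
```

Running it prints the two renderings: the text/template one closes the value attribute and the input tag and emits a live script element, the html/template one emits &#34;&gt;&lt;script&gt;... and stays inside the attribute. html/template only protects values routed through {{...}}; anything concatenated into the template string before Parse, or passed as template.HTML, is trusted verbatim.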