| 312831 | 8.8 | HIGH, Network | qnap | qts, quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a … | CWE-120 (Classic Buffer Overflow), CWE-121 (Stack-based Buffer Overflow) | CVE-2023-51367 | 2024-09-11 22:27 | 2024-09-7 |
| 312832 | 6.5 | MEDIUM, Network | zoom | workplace, workplace_desktop, workplace_virtual_desktop_infrastructure, rooms | Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | CWE-522 (Insufficiently Protected Credentials) | CVE-2024-39818 | 2024-09-11 22:27 | 2024-08-15 |
| 312833 | 6.5 | MEDIUM, Network | terminalfour | terminalfour | A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2024-22217 | 2024-09-11 22:19 | 2024-08-16 |
| 312834 | 5.4 | MEDIUM, Network | yogeshojha | rengine | reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a… | CWE-79 (Cross-site Scripting) | CVE-2024-43381 | 2024-09-11 22:02 | 2024-08-17 |
| 312835 | 9.8 | CRITICAL, Network | h3c | magic_b1st_firmware | H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | CWE-798 (Use of Hard-coded Credentials) | CVE-2024-42638 | 2024-09-11 21:53 | 2024-08-17 |
| 312836 | 7.5 | HIGH, Network | google | android | In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution pri… | CWE-120 (Classic Buffer Overflow) | CVE-2024-34727 | 2024-09-11 21:43 | 2024-08-16 |
| 312837 | 8.2 | HIGH, Network | xpdfreader | xpdf | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read fro… | CWE-908 (Use of Uninitialized Resource) | CVE-2024-7868 | 2024-09-11 21:40 | 2024-08-16 |
| 312838 | 8.8 | HIGH, Network | xyzscripts | insert_php_code_snippet | Cross-Site Request Forgery (CSRF) vulnerability in xyzscripts.Com Insert PHP Code Snippet. This issue affects Insert PHP Code Snippet: from n/a through 1.3.6. | CWE-352 (Origin Validation Error) | CVE-2024-43275 | 2024-09-11 21:33 | 2024-08-15 |
| 312839 | - | | - | - | Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Comm… | - | CVE-2024-43690 | 2024-09-11 14:15 | 2024-09-11 |
| 312840 | - | | - | - | Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject malicious … | - | CVE-2024-21529 | 2024-09-11 14:15 | 2024-09-11 |