Latest CVE Feed
-
9.0
HIGHCVE-2024-8231
A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow.... Read more
- Published: Aug. 28, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23378
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.... Read more
Affected Products : qca6584au_firmware qca6698aq_firmware sa9000p_firmware qam8255p_firmware sa8255p_firmware qam8650p_firmware qam8775p_firmware qca6584au sa8770p_firmware sa8775p_firmware +26 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
6.7
MEDIUMCVE-2024-23379
Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.... Read more
Affected Products : wcd9341_firmware wcd9380_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware qca6310_firmware qca6584au_firmware qca6698aq_firmware wcd9335_firmware +58 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.7
HIGHCVE-2024-45290
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by r... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
8.2
HIGHCVE-2024-33064
Information disclosure while parsing the multiple MBSSID IEs from the beacon.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICALCVE-2024-33066
Memory corruption while redirecting log file to any file location with any file name.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-33069
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware sw5100_firmware sw5100p_firmware +78 more products- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-33070
Transient DOS while parsing ESP IE from beacon/probe response frame.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-33071
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.... Read more
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
5.3
MEDIUMCVE-2024-48790
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more
Affected Products :- Published: Oct. 14, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICALCVE-2024-48782
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.... Read more
Affected Products :- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICALCVE-2024-48781
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat.... Read more
Affected Products :- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-44775
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.... Read more
Affected Products :- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.... Read more
Affected Products :- Published: Oct. 11, 2024
- Modified: Oct. 16, 2024
-
9.1
CRITICALCVE-2024-44730
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.... Read more
Affected Products :- Published: Oct. 11, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGHCVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.... Read more
Affected Products :- Published: Oct. 11, 2024
- Modified: Oct. 16, 2024
-
7.7
HIGHCVE-2024-43687
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more
- Published: Oct. 04, 2024
- Modified: Oct. 16, 2024
-
7.1
HIGHCVE-2024-38097
Azure Monitor Agent Elevation of Privilege Vulnerability... Read more
Affected Products : azure_monitor_agent- Published: Oct. 08, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH- Published: Oct. 08, 2024
- Modified: Oct. 16, 2024
-
6.1
MEDIUMCVE-2024-43686
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more
- Published: Oct. 04, 2024
- Modified: Oct. 16, 2024