Latest CVE Feed
-
0.0
NONE
CVE-2024-46554
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
0.0
NONE
CVE-2024-46553
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
0.0
NONE
CVE-2024-46552
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
0.0
NONE
CVE-2024-46551
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
0.0
NONE
CVE-2024-46550
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.8
CVSS 3.1
CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code wil...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.8
CVSS 3.1
CVE-2024-44542
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2024-39590
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2024-39589
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2024-36981
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2024-36980
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.8
CVSS 3.1
CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.0
CVSS 3.1
CVE-2024-34026
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can ...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2023-49203
Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2023-28457
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2023-28456
An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2023-28455
An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS.
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
0.0
NONE
CVE-2023-28452
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge ...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1
CVE-2023-28451
An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit wo...
Affected Products:
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
8.3
CVSS 3.1
CVE-2022-25776
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
Affected Products: mautic
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024