Lucene search

K

1app Technologies, Inc Security Vulnerabilities

cve
cve

CVE-2024-20058

In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID:...

5.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
27
cve
cve

CVE-2024-20059

In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...

6.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
27
cve
cve

CVE-2024-20055

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID:...

6AI Score

0.0004EPSS

2024-04-01 03:15 AM
34
cve
cve

CVE-2024-20041

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID:...

5.9AI Score

0.0004EPSS

2024-04-01 03:15 AM
31
cve
cve

CVE-2024-21480

Memory corruption while playing audio file having large-sized input...

7.3CVSS

7.1AI Score

0.0005EPSS

2024-05-06 03:15 PM
26
cve
cve

CVE-2024-21476

Memory corruption when the channel ID passed by user is not validated and further...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-05-06 03:15 PM
26
cve
cve

CVE-2023-32873

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID:...

7AI Score

0.0004EPSS

2024-05-06 03:15 AM
27
cve
cve

CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID:...

7AI Score

0.0004EPSS

2024-05-06 03:15 AM
27
cve
cve

CVE-2023-43526

Memory corruption while querying module parameters from Listen Sound model client in kernel from user...

6.7CVSS

6.9AI Score

0.0004EPSS

2024-05-06 03:15 PM
24
cve
cve

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-04-01 03:15 PM
50
cve
cve

CVE-2024-27129

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-05-21 04:15 PM
30
cve
cve

CVE-2024-27128

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
cve
cve

CVE-2024-27130

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build...

7.2CVSS

7AI Score

0.0004EPSS

2024-05-21 04:15 PM
63
cve
cve

CVE-2024-21902

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...

6.4CVSS

6.4AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
cve
cve

CVE-2023-50364

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-04-26 03:15 PM
27
nessus
nessus

RHEL 9 : toolbox (RHSA-2024:2160)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2160 advisory. Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of...

6.1CVSS

7.9AI Score

0.001EPSS

2024-04-30 12:00 AM
7
nessus
nessus

RHEL 8 : Red Hat OpenStack Platform 16.1 (python-flask) (RHSA-2023:3446)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3446 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...

7.5CVSS

7.9AI Score

0.002EPSS

2024-04-28 12:00 AM
4
nvd
nvd

CVE-2015-10129

A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity...

5.9CVSS

4.8AI Score

0.001EPSS

2024-02-04 05:15 AM
cve
cve

CVE-2015-10129

A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity...

5.9CVSS

5.8AI Score

0.001EPSS

2024-02-04 05:15 AM
15
cve
cve

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS

7.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
nessus
nessus

RHEL 9 : tomcat (RHSA-2024:3307)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3307 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

6.8AI Score

0.0004EPSS

2024-05-23 12:00 AM
7
cve
cve

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...

5.3CVSS

6.9AI Score

0.0005EPSS

2024-06-10 10:15 PM
24
cve
cve

CVE-2024-30420

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain...

6.7AI Score

0.0004EPSS

2024-05-22 05:15 AM
26
cve
cve

CVE-2023-49897

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the...

8.8CVSS

8.8AI Score

0.01EPSS

2023-12-06 07:15 AM
123
In Wild
debiancve
debiancve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.5AI Score

0.0004EPSS

2024-05-22 07:15 AM
4
nvd
nvd

CVE-2024-3670

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
1
cve
cve

CVE-2024-31396

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on.....

7.4AI Score

0.0004EPSS

2024-05-22 05:15 AM
27
ubuntucve
ubuntucve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
cve
cve

CVE-2024-21900

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and...

6.5CVSS

6.5AI Score

0.0005EPSS

2024-03-08 05:15 PM
42
cve
cve

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

5.4CVSS

6.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
21
cve
cve

CVE-2024-32849

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its...

7.8CVSS

6.6AI Score

0.0005EPSS

2024-06-10 10:15 PM
21
cve
cve

CVE-2023-41273

A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533...

7.2CVSS

7.1AI Score

0.001EPSS

2024-02-02 04:15 PM
8
cve
cve

CVE-2023-45028

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the...

5.5CVSS

4.9AI Score

0.0004EPSS

2024-02-02 04:15 PM
13
cve
cve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.4AI Score

0.0004EPSS

2024-05-03 04:15 PM
36
cvelist
cvelist

CVE-2022-48702 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

7.5AI Score

0.0004EPSS

2024-05-03 03:13 PM
1
nessus
nessus

openSUSE Security Update : gitolite (openSUSE-2019-754)

This update for gitolite fixes the following issues : Gitolite was updated to 3.6.9 : CVE-2018-16976: prevent racy access to repos in process of migration to gitolite (boo#1108272) 'info' learns new '-p' option to show only physical repos (as opposed to wild repos) The update to...

8.1CVSS

7.9AI Score

0.001EPSS

2019-03-27 12:00 AM
8
nvd
nvd

CVE-2024-24312

SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php...

7AI Score

0.0004EPSS

2024-05-01 07:15 PM
nvd
nvd

CVE-2024-24313

An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php...

6.1AI Score

0.0004EPSS

2024-05-01 07:15 PM
cve
cve

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

9.9CVSS

9.3AI Score

0.001EPSS

2024-04-26 03:15 PM
26
cve
cve

CVE-2023-47220

An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5...

6.6CVSS

7.5AI Score

0.0004EPSS

2024-05-03 03:16 AM
28
cve
cve

CVE-2023-47221

A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

5.5CVSS

5.2AI Score

0.0004EPSS

2024-03-08 05:15 PM
30
cve
cve

CVE-2023-47222

An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on ....

9.6CVSS

6.3AI Score

0.0004EPSS

2024-04-26 03:15 PM
27
arista
arista

Security Advisory 0097

Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in...

6AI Score

EPSS

2024-05-24 12:00 AM
5
cve
cve

CVE-2024-24312

SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php...

7.3AI Score

0.0004EPSS

2024-05-01 07:15 PM
20
nvd
nvd

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.4AI Score

0.0004EPSS

2024-05-20 10:15 AM
cve
cve

CVE-2023-41290

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

4.1CVSS

6.3AI Score

0.0004EPSS

2024-04-26 03:15 PM
24
cve
cve

CVE-2024-21901

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS....

4.7CVSS

5.2AI Score

0.001EPSS

2024-03-08 05:15 PM
34
cvelist
cvelist

CVE-2024-24312

SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php...

7.2AI Score

0.0004EPSS

2024-05-01 12:00 AM
1
nvd
nvd

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-14 03:43 PM
nessus
nessus

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d Authentication Bypass (CVE-2023-4957)

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-05-06 12:00 AM
3
Total number of security vulnerabilities308254