Lucene search

K

Ragic, Inc. Security Vulnerabilities

nvd
nvd

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or....

7.6AI Score

0.011EPSS

2007-08-09 09:17 PM
1
cve
cve

CVE-2024-27127

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520...

7.2CVSS

7.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
cve
cve

CVE-2023-50362

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

5CVSS

7.1AI Score

0.0004EPSS

2024-04-26 03:15 PM
26
nvd
nvd

CVE-2024-4213

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

5.3CVSS

5.6AI Score

0.0005EPSS

2024-05-14 03:43 PM
1
cve
cve

CVE-2024-32988

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is...

6.4AI Score

0.0004EPSS

2024-05-22 08:15 AM
39
nvd
nvd

CVE-2022-31734

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY...

6.1CVSS

0.001EPSS

2022-06-20 10:15 AM
1
cve
cve

CVE-2023-43542

Memory corruption while copying a keyblobs material when the key materials size is not accurately...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-03 10:15 AM
22
cve
cve

CVE-2024-20072

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID:...

7.3AI Score

0.0004EPSS

2024-06-03 02:15 AM
14
cve
cve

CVE-2024-20069

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330;...

6.4AI Score

0.0004EPSS

2024-06-03 02:15 AM
23
nvd
nvd

CVE-2007-4180

Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed...

6.7AI Score

0.007EPSS

2007-08-08 01:17 AM
1
nvd
nvd

CVE-2007-4181

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...

7.5AI Score

0.015EPSS

2007-08-08 01:17 AM
1
cve
cve

CVE-2023-50361

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

5CVSS

7.1AI Score

0.0004EPSS

2024-04-26 03:15 PM
29
cve
cve

CVE-2024-23360

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU...

8.4CVSS

7.3AI Score

0.001EPSS

2024-06-03 10:15 AM
16
cve
cve

CVE-2024-28893

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages...

7.6AI Score

0.0004EPSS

2024-05-01 04:15 PM
29
cve
cve

CVE-2024-23351

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC...

8.4CVSS

7.1AI Score

0.001EPSS

2024-05-06 03:15 PM
29
cve
cve

CVE-2024-20064

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID:...

7.1AI Score

0.0004EPSS

2024-05-06 03:15 AM
27
cve
cve

CVE-2024-20044

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID:...

7AI Score

0.0004EPSS

2024-04-01 03:15 AM
33
cve
cve

CVE-2024-20056

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID:...

6.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
26
cve
cve

CVE-2024-20060

In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...

6.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
28
cve
cve

CVE-2024-20021

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID:...

6.7AI Score

0.0004EPSS

2024-05-06 03:15 AM
25
cve
cve

CVE-2024-20071

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID:...

6.3AI Score

0.0004EPSS

2024-06-03 02:15 AM
15
cve
cve

CVE-2024-21478

transient DOS when setting up a fence callback to free a KGSL memory entry object during...

6.2CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
15
cve
cve

CVE-2024-21584

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the...

6.2AI Score

0.0004EPSS

2024-03-12 08:15 AM
30
cve
cve

CVE-2024-3374

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-05-14 04:17 PM
24
cve
cve

CVE-2023-4063

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET...

6.7AI Score

0.0004EPSS

2024-03-22 06:15 PM
31
cve
cve

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2023-43524

Memory corruption when the bandpass filter order received from AHAL is not within the expected...

6.7CVSS

7.1AI Score

0.0004EPSS

2024-05-06 03:15 PM
26
cve
cve

CVE-2024-20073

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID:...

7.4AI Score

0.0004EPSS

2024-06-03 02:15 AM
14
cve
cve

CVE-2007-4181

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...

7.5AI Score

0.015EPSS

2007-08-08 01:17 AM
20
cve
cve

CVE-2024-27129

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-05-21 04:15 PM
31
cve
cve

CVE-2024-27128

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-05-21 04:15 PM
28
cve
cve

CVE-2024-27130

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build...

7.2CVSS

7AI Score

0.0004EPSS

2024-05-21 04:15 PM
65
cve
cve

CVE-2024-21902

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...

6.4CVSS

6.4AI Score

0.0004EPSS

2024-05-21 04:15 PM
30
cve
cve

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode...

9.1CVSS

7AI Score

0.001EPSS

2024-06-03 10:15 AM
25
cve
cve

CVE-2023-50364

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-04-26 03:15 PM
28
cve
cve

CVE-2024-28745

Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed....

6.7AI Score

0.0004EPSS

2024-03-18 04:15 AM
38
cve
cve

CVE-2024-20053

In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:...

7AI Score

0.0004EPSS

2024-04-01 03:15 AM
33
cve
cve

CVE-2024-20028

In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:...

6.9AI Score

0.0004EPSS

2024-03-04 03:15 AM
28
cve
cve

CVE-2024-20038

In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID:...

5.9AI Score

0.0004EPSS

2024-03-04 03:15 AM
34
cve
cve

CVE-2024-20020

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID:...

6.1AI Score

0.0004EPSS

2024-03-04 03:15 AM
31
cve
cve

CVE-2024-20050

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:...

6AI Score

0.0004EPSS

2024-04-01 03:15 AM
34
cve
cve

CVE-2024-20051

In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:...

6.5AI Score

0.0004EPSS

2024-04-01 03:15 AM
35
cve
cve

CVE-2024-20030

In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:...

6AI Score

0.0004EPSS

2024-03-04 03:15 AM
32
cve
cve

CVE-2024-21473

Memory corruption while redirecting log file to any file location with any file...

9.8CVSS

9.5AI Score

0.001EPSS

2024-04-01 03:15 PM
43
cve
cve

CVE-2024-3281

A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized...

6.6AI Score

0.0004EPSS

2024-04-09 04:15 PM
23
cve
cve

CVE-2023-43544

Memory corruption when IPC callback handle is used after it has been released during register callback by another...

6.7CVSS

7.5AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2022-48220

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential...

6.9AI Score

0.0004EPSS

2024-02-14 11:15 PM
9
debiancve
debiancve

CVE-2021-47552

In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
5
cvelist
cvelist

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...

6.2AI Score

0.006EPSS

2023-01-02 12:00 AM
1
vulnrichment
vulnrichment

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...

5.8AI Score

0.006EPSS

2023-01-02 12:00 AM
1
Total number of security vulnerabilities288601