CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 9, 2024. 06:20:32 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-50364 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | May 9, 2024. 01:15:00 | [www.qnap.com] |
| CVE-2024-26579 | Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | May 8, 2024. 22:15:00 | [lists.apache.org][github.com] |
| CVE-2024-3661 | DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | May 8, 2024. 22:15:00 | [datatracker.ietf.org][datatracker.ietf.org] |
| CVE-2023-40533 | Rejected reason: This CVE ID is a duplicate of CVE-2022-40468 | May 8, 2024. 22:15:00 | |
| CVE-2024-1459 | A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. | May 8, 2024. 17:15:00 | [access.redhat.com][bugzilla.redhat.com] |
| CVE-2024-25528 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | May 8, 2024. 17:15:00 | [gist.github.com] |
| CVE-2024-25532 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | May 8, 2024. 17:15:00 | [gist.github.com] |
| CVE-2024-25533 | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | May 8, 2024. 17:15:00 | [gist.github.com] |
| CVE-2024-33382 | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | May 8, 2024. 17:15:00 | [github.com] |
| CVE-2024-34244 | libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | May 8, 2024. 17:15:00 | [github.com] |
| CVE-2024-34257 | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. | May 8, 2024. 17:15:00 | [immense-mirror-b42.notion.site] |
| CVE-2024-25517 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25518 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25520 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25521 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25522 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25523 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25524 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25525 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25526 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
Page 1 of 1253
