Total: 23573 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-2890 | | | 2024-03-28 | N/A | 9.1 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12. | | | | | |
CVE-2024-29241 | | | 2024-03-28 | N/A | 9.9 CRITICAL |
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | | | | | |
CVE-2024-29100 | | | 2024-03-28 | N/A | 9.1 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | | | | | |
CVE-2024-30228 | | | 2024-03-28 | N/A | 9.9 CRITICAL |
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core. This issue affects Hercules Core: from n/a through 6.4. | | | | | |
CVE-2024-30227 | | | 2024-03-28 | N/A | 9.0 CRITICAL |
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller. This issue affects Geo Controller: from n/a through 8.6.4. | | | | | |
CVE-2024-30226 | | | 2024-03-28 | N/A | 9.0 CRITICAL |
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs. This issue affects BetterDocs: from n/a through 3.3.3. | | | | | |
CVE-2024-30225 | | | 2024-03-28 | N/A | 10.0 CRITICAL |
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10. | | | | | |
CVE-2024-30224 | | | 2024-03-28 | N/A | 10.0 CRITICAL |
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2. | | | | | |
CVE-2024-30223 | | | 2024-03-28 | N/A | 9.0 CRITICAL |
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26. | | | | | |
CVE-2021-3520 | 4 Lz4 Project, Netapp, Oracle and 1 more | 6 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 3 more | 2024-03-27 | 7.5 HIGH | 9.8 CRITICAL |
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | |||||
CVE-2022-36227 | 4 Debian, Fedoraproject, Libarchive and 1 more | 4 Debian Linux, Fedora, Libarchive and 1 more | 2024-03-27 | N/A | 9.8 CRITICAL |
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." | |||||
CVE-2023-6153 | | | 2024-03-27 | N/A | 9.8 CRITICAL |
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | | | | | |
CVE-2021-22945 | 8 Apple, Debian, Fedoraproject and 5 more | 25 Macos, Debian Linux, Fedora and 22 more | 2024-03-27 | 5.8 MEDIUM | 9.1 CRITICAL |
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | |||||
CVE-2022-32207 | 6 Apple, Debian, Fedoraproject and 3 more | 19 Macos, Debian Linux, Fedora and 16 more | 2024-03-27 | 7.5 HIGH | 9.8 CRITICAL |
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | | | | | |
CVE-2022-32221 | 5 Apple, Debian, Haxx and 2 more | 13 Macos, Debian Linux, Curl and 10 more | 2024-03-27 | N/A | 9.8 CRITICAL |
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. | |||||
CVE-2023-23914 | 3 Haxx, Netapp, Splunk | 12 Curl, Active Iq Unified Manager, Clustered Data Ontap and 9 more | 2024-03-27 | N/A | 9.1 CRITICAL |
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on. | | | | | |
CVE-2023-23656 | | | 2024-03-27 | N/A | 10.0 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1. | | | | | |
CVE-2023-6173 | | | 2024-03-27 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | | | | | |
CVE-2023-28787 | | | 2024-03-27 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.4. | | | | | |
CVE-2023-49815 | | | 2024-03-27 | N/A | 10.0 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. | | | | | |
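
The lz4 entry (CVE-2021-3520) above describes a length that overflows so that memmove() is called with a negative, i.e. huge, size. The C program below is an added illustration written for this page, not lz4's code: it decodes a constructed toy block format (a 4-byte little-endian literal length followed by the literals, an assumption of this example only) and contrasts the faulty bounds check, which narrows the untrusted length to a signed int, with one that keeps the length unsigned and compares it with the space actually remaining.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy block format used only for this illustration: a 4-byte
 * little-endian literal length followed by that many literal bytes.
 * This is not lz4's format or code. */

static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Faulty bounds decision: the untrusted length is narrowed to a signed int
 * before it is compared, so any value >= 2^31 becomes negative, "fits" in
 * any buffer, and would reach memmove() as a size_t of roughly 2-4 GiB.
 * (Converting a large uint32_t to int is implementation-defined; on the
 * usual two's-complement targets it simply wraps negative.) */
static int fits_signed(uint32_t raw_len, size_t remaining)
{
    int len = (int)raw_len;
    int rem = (int)remaining;
    return len <= rem;            /* true for every negative len */
}

/* Correct decision: keep the length unsigned and compare it with the space
 * that is actually left, rather than adding it to a pointer and comparing
 * pointers (which wraps in the same way). */
static int fits_unsigned(uint32_t raw_len, size_t remaining)
{
    return (size_t)raw_len <= remaining;
}

/* Decode one block into dst.  Returns the number of literal bytes copied or
 * -1 for a malformed block.  The copy happens only after the unsigned
 * checks, so the demo never hands a bogus size to memmove(); fits_signed()
 * is evaluated first purely to record what the faulty check would decide. */
static long decode_block(const unsigned char *src, size_t src_len,
                         unsigned char *dst, size_t dst_cap,
                         int *faulty_check_would_accept)
{
    if (src_len < 4)
        return -1;
    uint32_t lit_len = read_le32(src);
    size_t payload = src_len - 4;

    *faulty_check_would_accept = fits_signed(lit_len, dst_cap);

    if (!fits_unsigned(lit_len, dst_cap))   /* would overrun the output */
        return -1;
    if (!fits_unsigned(lit_len, payload))   /* would overread the input */
        return -1;
    memmove(dst, src + 4, (size_t)lit_len);
    return (long)lit_len;
}

int main(void)
{
    unsigned char out[16];
    int faulty;

    /* Honest block: length 5, payload "hello". */
    const unsigned char good[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
    long n = decode_block(good, sizeof good, out, sizeof out, &faulty);
    printf("good block: copied %ld bytes, faulty check accepted=%d\n", n, faulty);

    /* Crafted block: length 0x80000000 with the same 5-byte payload. */
    const unsigned char crafted[] = {0x00, 0x00, 0x00, 0x80, 'h', 'e', 'l', 'l', 'o'};
    n = decode_block(crafted, sizeof crafted, out, sizeof out, &faulty);
    printf("crafted block: result %ld, faulty check accepted=%d\n", n, faulty);
    return 0;
}
```

The crafted block is rejected by the unsigned checks, while `fits_signed()` reports that it would have accepted a length of 0x80000000 against a 16-byte buffer; that accepted value is what would have reached memmove() as its size argument.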
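
The curl entry (CVE-2022-32207) above describes an atomic save (write a temporary file, then rename it over the target) that widens the target's permissions. The C program below is added here and is not curl's code; it shows the same shape on POSIX. `save_file_atomic()` with `preserve_mode` unset reproduces the widening by giving the temporary file the mode a default fopen() would produce (0666 masked by the umask), and with it set copies the existing target's mode onto the temporary file before the rename. The /tmp working directory, the hypothetical `cookies.txt` target and the 0600/0644 modes are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits (0..07777) of path, or -1 if it cannot be stat()ed. */
static long file_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (long)(st.st_mode & 07777);
}

/* Atomically replace `path` with `len` bytes of `data`: write a temp file in
 * the same directory, then rename() it over the target.
 *
 * preserve_mode == 0 reproduces the weak behaviour: the temp file gets the
 * mode a plain fopen(path, "w") would give (0666 masked by the umask), so a
 * target that was 0600 is 0644 after the rename.
 * preserve_mode == 1 copies the existing target's mode onto the temp file
 * (0600 for a brand-new file) before the rename.
 *
 * Returns 0 on success, -1 on failure with errno set. */
static int save_file_atomic(const char *path, const void *data, size_t len,
                            int preserve_mode)
{
    char tmp[4096];
    struct stat st;
    const unsigned char *p = data;
    mode_t mode = 0600;                     /* default for a new file */
    int fd;

    if (stat(path, &st) == 0)
        mode = st.st_mode & 07777;

    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    fd = mkstemp(tmp);                      /* created 0600 with O_EXCL */
    if (fd < 0)
        return -1;

    if (preserve_mode) {
        if (fchmod(fd, mode) != 0)
            goto fail;
    } else {
        mode_t um = umask(0);               /* read the current umask ... */
        umask(um);                          /* ... and put it back */
        if (fchmod(fd, 0666 & ~um) != 0)    /* what fopen("w") would yield */
            goto fail;
    }

    while (len > 0) {
        ssize_t w = write(fd, p, len);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            goto fail;
        }
        p += w;
        len -= (size_t)w;
    }
    if (fsync(fd) != 0)
        goto fail;
    if (close(fd) != 0) {
        fd = -1;
        goto fail;
    }
    if (rename(tmp, path) != 0) {           /* the atomic step */
        unlink(tmp);
        return -1;
    }
    return 0;

fail:
    {
        int saved = errno;
        if (fd >= 0)
            close(fd);
        unlink(tmp);
        errno = saved;
        return -1;
    }
}

int main(void)
{
    char dir[] = "/tmp/atomic_demo_XXXXXX";   /* assumed scratch location */
    char path[256];
    int fd;

    if (mkdtemp(dir) == NULL) { perror("mkdtemp"); return 1; }
    snprintf(path, sizeof path, "%s/cookies.txt", dir);

    /* The pre-existing target is private to the user. */
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) { perror("open"); return 1; }
    close(fd);
    umask(022);
    printf("original:              %04lo\n", file_mode(path));

    save_file_atomic(path, "a=b\n", 4, 0);
    printf("after weak save:       %04lo\n", file_mode(path));

    chmod(path, 0600);
    save_file_atomic(path, "a=c\n", 4, 1);
    printf("after preserving save: %04lo\n", file_mode(path));

    unlink(path);
    rmdir(dir);
    return 0;
}
```

The check a practitioner wants after any such save routine is the one the main() prints: stat the target before and after and compare the permission bits, with the umask pinned so the result does not depend on the calling shell.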