Total: 9775 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7258 | 1 Anibal Monsalve Salaz | 1 Ssmtp | 2024-04-11 | 2.1 LOW | N/A |
The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact | |||||
CVE-2008-5186 | 1 Geshi | 1 Geshi | 2024-04-11 | 7.5 HIGH | N/A |
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path | |||||
CVE-2007-5440 | 1 Crs Manager | 1 Crs Manager | 2024-04-11 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker | |||||
CVE-2007-5035 | 1 Openengine | 1 Openengine | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement | |||||
CVE-2005-1682 | 1 Solstice | 1 Solstice Internet Mail Server | 2024-04-11 | 2.1 LOW | N/A |
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products. | |||||
CVE-2024-0218 | | | 2024-04-10 | N/A | 7.5 HIGH |
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted. | |||||
CVE-2024-3385 | | | 2024-04-10 | N/A | 7.5 HIGH |
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls | |||||
CVE-2024-3101 | | | 2024-04-10 | N/A | 6.7 MEDIUM |
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access. | |||||
CVE-2024-20670 | | | 2024-04-10 | N/A | 8.1 HIGH |
Outlook for Windows Spoofing Vulnerability | |||||
CVE-2024-31865 | | | 2024-04-10 | N/A | N/A |
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | |||||
CVE-2024-26253 | | | 2024-04-10 | N/A | 6.8 MEDIUM |
Windows rndismp6.sys Remote Code Execution Vulnerability | |||||
CVE-2024-28897 | | | 2024-04-10 | N/A | 6.8 MEDIUM |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26189 | | | 2024-04-10 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-25116 | | | 2024-04-10 | N/A | 5.5 MEDIUM |
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | |||||
CVE-2024-31867 | | | 2024-04-10 | N/A | N/A |
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | |||||
CVE-2024-26240 | | | 2024-04-10 | N/A | 8.0 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-21507 | | | 2024-04-10 | N/A | 6.5 MEDIUM |
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | |||||
CVE-2024-20758 | | | 2024-04-10 | N/A | 9.0 CRITICAL |
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. | |||||
CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-04-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a JavaScript loaded with the web page. | |||||
CVE-2018-7761 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-04-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. |