Total
286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-30587 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 9.8 Critical |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | ||||
CVE-2024-30586 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 6.5 Medium |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | ||||
CVE-2024-30585 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 6.5 Medium |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | ||||
CVE-2024-30584 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 9.8 Critical |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | ||||
CVE-2024-30583 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 8.0 High |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. | ||||
CVE-2024-30596 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 9.8 Critical |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. | ||||
CVE-2024-30594 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 6.5 Medium |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | ||||
CVE-2024-30593 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 9.8 Critical |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. | ||||
CVE-2024-30595 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 9.8 Critical |
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. | ||||
CVE-2024-21104 | 1 Oracle | 2 Sun Zfs Storage Appliance Kit, Zfs Storage Appliance Kit | 2025-03-13 | 6.5 Medium |
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
CVE-2024-24699 | 1 Zoom | 4 Meeting Sdk, Rooms, Vdi Windows Meeting Clients and 1 more | 2025-03-13 | 6.5 Medium |
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. | ||||
CVE-2020-0878 | 1 Microsoft | 19 Chakracore, Edge, Internet Explorer and 16 more | 2025-03-13 | 4.2 Medium |
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. | ||||
CVE-2020-6287 | 1 Sap | 1 Netweaver Application Server Java | 2025-03-13 | 10.0 Critical |
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check, which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore to compromise the Confidentiality, Integrity and Availability of the system (Missing Authentication Check). | ||||
CVE-2020-3952 | 1 Vmware | 1 Vcenter Server | 2025-03-13 | 9.8 Critical |
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. | ||||
CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2025-03-13 | 7.8 High |
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | ||||
CVE-2020-6207 | 1 Sap | 1 Solution Manager | 2025-03-13 | 9.8 Critical |
SAP Solution Manager (User Experience Monitoring), version 7.2, due to a Missing Authentication Check, does not perform any authentication for a service, resulting in complete compromise of all SMDAgents connected to the Solution Manager. | ||||
CVE-2019-10758 | 1 Mongo-express Project | 1 Mongo-express | 2025-03-13 | 9.9 Critical |
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. It misuses the `vm` dependency to perform `exec` commands in a non-safe environment. | ||||
CVE-2024-21049 | 3 Netapp, Oracle, Redhat | 7 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 4 more | 2025-03-13 | 4.9 Medium |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2024-9502 | 1 Master-addons | 1 Master Addons | 2025-03-13 | 6.4 Medium |
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Tooltip module in all versions up to, and including, 2.0.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-12719 | 1 Iptanus | 1 Wordpress File Upload | 2025-03-13 | 4.3 Medium |
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed. |