CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 13, 2024. 03:00:39 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2024-21902 | An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | September 11, 2024. 13:37:00 | [www.qnap.com] |
| CVE-2024-21903 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:36:00 | [www.qnap.com] |
| CVE-2024-21898 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:35:00 | [www.qnap.com] |
| CVE-2024-21897 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:34:00 | [www.qnap.com] |
| CVE-2023-51368 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:33:00 | [www.qnap.com] |
| CVE-2023-51366 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:32:00 | [www.qnap.com] |
| CVE-2023-50366 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:31:00 | [www.qnap.com] |
| CVE-2023-50363 | An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:30:00 | [www.qnap.com] |
| CVE-2023-50364 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:27:00 | [www.qnap.com] |
| CVE-2023-51367 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:27:00 | [www.qnap.com] |
| CVE-2024-39818 | Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | September 11, 2024. 13:27:00 | [www.zoom.com] |
| CVE-2023-50362 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:26:00 | [www.qnap.com] |
| CVE-2023-50361 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | September 11, 2024. 13:25:00 | [www.qnap.com] |
| CVE-2024-22217 | A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on. | September 11, 2024. 13:19:00 | [docs.terminalfour.com][docs.terminalfour.com] |
| CVE-2024-45790 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts. | September 11, 2024. 13:15:00 | [www.cert-in.org.in] |
| CVE-2024-6091 | A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist. | September 11, 2024. 13:15:00 | [huntr.com][github.com] |
| CVE-2024-43381 | reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3. | September 11, 2024. 13:02:00 | [github.com][github.com] |
| CVE-2024-42638 | H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | September 11, 2024. 12:53:00 | [palm-vertebra-fe9.notion.site][www.h3c.com] |
| CVE-2024-34727 | In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | September 11, 2024. 12:43:00 | [android.googlesource.com][source.android.com] |
| CVE-2024-7868 | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | September 11, 2024. 12:40:00 | [www.xpdfreader.com] |
Page 5 of 1342
