CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 13, 2024. 03:00:39 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2020-12762 | json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. | September 25, 2023. 02:30:00 | [github.com][github.com] |
| CVE-2020-10627 | Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | September 25, 2023. 02:30:00 | [us-cert.cisa.gov][www.myomnipod.com] |
| CVE-2021-36767 | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. | September 25, 2023. 02:30:00 | [raw.githubusercontent.com] |
| CVE-2013-6370 | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. | September 25, 2023. 02:30:00 | [www.securityfocus.com][github.com] |
| CVE-2013-6371 | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. | September 25, 2023. 02:30:00 | [secunia.com][bugzilla.redhat.com] |
| CVE-2022-42965 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | September 25, 2023. 02:29:00 | [research.jfrog.com] |
| CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | September 25, 2023. 02:29:00 | [go.dev][groups.google.com] |
| CVE-2019-9017 | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. | September 25, 2023. 02:29:00 | [www.binaryworld.it][www.exploit-db.com] |
| CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. | September 25, 2023. 01:35:00 | [bugzilla.redhat.com][access.redhat.com] |
| CVE-2023-41874 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions. | September 25, 2023. 01:35:00 | [patchstack.com] |
| CVE-2023-41948 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions. | September 25, 2023. 01:35:00 | [patchstack.com] |
| CVE-2023-41949 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions. | September 25, 2023. 01:35:00 | [patchstack.com] |
| CVE-2020-21047 | The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. | September 23, 2023. 20:15:00 | [sourceware.org][sourceware.org] |
| CVE-2023-42261 | ** DISPUTED ** Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server. | September 23, 2023. 04:15:00 | [github.com][github.com] |
| CVE-2023-41027 | Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | September 23, 2023. 03:46:00 | [blog.exodusintel.com] |
| CVE-2023-41029 | Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | September 23, 2023. 03:46:00 | [blog.exodusintel.com] |
| CVE-2023-41031 | Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. | September 23, 2023. 03:46:00 | [blog.exodusintel.com] |
| CVE-2023-43129 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. | September 23, 2023. 03:46:00 | [github.com][www.dlink.com.cn] |
| CVE-2023-43130 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. | September 23, 2023. 03:46:00 | [github.com][www.dlink.com.cn] |
| CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | September 23, 2023. 03:46:00 | [github.com] |
Page 788 of 1342
