Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-07
Updated
2023-12-09
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-07
Updated
2023-12-09
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-07
Updated
2023-12-09
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
Max CVSS
9.8
EPSS Score
0.32%
Published
2023-12-07
Updated
2023-12-09
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.
Max CVSS
5.3
EPSS Score
0.10%
Published
2023-12-03
Updated
2023-12-07
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-03
Updated
2023-12-07
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.
Max CVSS
9.1
EPSS Score
0.08%
Published
2023-12-03
Updated
2023-12-07
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-12-03
Updated
2023-12-06
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier, and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-12-02
Updated
2023-12-07
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
7.2
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-08
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-08
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Max CVSS
9.8
EPSS Score
2.52%
Published
2023-11-30
Updated
2023-12-05
Memory Corruption in SIM management while USIMPhase2init
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-11-30
Updated
2023-12-05
Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-11-30
Updated
2023-12-05
Memory Corruption in IMS while calling VoLTE Streamingmedia Interface
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-30
Updated
2023-12-05
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-29
Updated
2023-12-05
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-11-29
Updated
2023-12-05
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
Max CVSS
4.3
EPSS Score
0.04%
Published
2023-11-29
Updated
2023-12-05
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-11-29
Updated
2023-12-05