The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-33844 | The \'control\' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE. | -- | May 3, 2024 | n/a |
| CVE-2024-33835 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function. | -- | May 1, 2024 | n/a |
| CVE-2024-33832 | OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. | -- | Apr 30, 2024 | n/a |
| CVE-2024-33831 | A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field. | -- | Apr 30, 2024 | n/a |
| CVE-2024-33820 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow. | -- | May 1, 2024 | n/a |
| CVE-2024-33793 | A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ping test page. | -- | May 3, 2024 | n/a |
| CVE-2024-33792 | A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tracert page. | -- | May 3, 2024 | n/a |
| CVE-2024-33791 | A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | -- | May 3, 2024 | n/a |
| CVE-2024-33789 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | -- | May 3, 2024 | n/a |
| CVE-2024-33787 | Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx. | -- | May 3, 2024 | n/a |
| CVE-2024-33786 | An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file. | -- | May 3, 2024 | n/a |
| CVE-2024-33775 | An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | -- | May 2, 2024 | n/a |
| CVE-2024-33768 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. | -- | May 1, 2024 | n/a |
| CVE-2024-33767 | lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source. | -- | May 1, 2024 | n/a |
| CVE-2024-33766 | lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0. | -- | May 1, 2024 | n/a |
| CVE-2024-33764 | lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. | -- | May 1, 2024 | n/a |
| CVE-2024-33763 | lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp. | -- | May 1, 2024 | n/a |
| CVE-2024-33655 | -- | May 6, 2024 | n/a | |
| CVE-2024-33530 | In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby. | -- | May 2, 2024 | n/a |
| CVE-2024-33518 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 | n/a |
| CVE-2024-33517 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 | n/a |
| CVE-2024-33516 | An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller. | -- | May 1, 2024 | n/a |
| CVE-2024-33515 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 | n/a |
| CVE-2024-33514 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 | n/a |
| CVE-2024-33513 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | -- | May 1, 2024 | n/a |
| CVE-2024-33512 | There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\'s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | -- | May 1, 2024 | n/a |
| CVE-2024-33511 | There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\'s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | -- | May 1, 2024 | n/a |
| CVE-2024-33465 | Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. | -- | Apr 30, 2024 | n/a |
| CVE-2024-33442 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. | -- | May 1, 2024 | n/a |
| CVE-2024-33437 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules. | -- | May 1, 2024 | n/a |
| CVE-2024-33436 | An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables | -- | May 1, 2024 | n/a |
| CVE-2024-33431 | An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. | -- | May 1, 2024 | n/a |
| CVE-2024-33430 | An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | -- | May 1, 2024 | n/a |
| CVE-2024-33429 | Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. | -- | May 1, 2024 | n/a |
| CVE-2024-33428 | Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | -- | May 1, 2024 | n/a |
| CVE-2024-33424 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section. | -- | May 1, 2024 | n/a |
| CVE-2024-33423 | Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section. | -- | May 2, 2024 | n/a |
| CVE-2024-33398 | There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster. | -- | May 3, 2024 | n/a |
| CVE-2024-33396 | An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 3, 2024 | n/a |
| CVE-2024-33394 | An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 3, 2024 | n/a |
| CVE-2024-33393 | An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | -- | May 1, 2024 | n/a |
| CVE-2024-33383 | Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter. | -- | May 1, 2024 | n/a |
| CVE-2024-33371 | Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. | -- | May 1, 2024 | n/a |
| CVE-2024-33332 | An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | -- | May 1, 2024 | n/a |
| CVE-2024-33309 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | -- | May 5, 2024 | n/a |
| CVE-2024-33308 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | -- | May 5, 2024 | n/a |
| CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via Last Name parameter in Create User. | -- | May 2, 2024 | n/a |
| CVE-2024-33306 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via First Name parameter in Create User. | -- | May 2, 2024 | n/a |
| CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via Middle Name parameter in Create User. | -- | May 2, 2024 | n/a |
| CVE-2024-33304 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via Last Name under Add Users. | -- | May 1, 2024 | n/a |
