Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

221933 entries
ID Description Priority Modified date Fixed Release
CVE-2024-34538 Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. -- May 6, 2024 n/a
CVE-2024-34529 Nebari through 2024.4.1 prints the temporary Keycloak root password. -- May 6, 2024 n/a
CVE-2024-34528 WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. -- May 6, 2024 n/a
CVE-2024-34527 spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. -- May 6, 2024 n/a
CVE-2024-34525 FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. -- May 6, 2024 n/a
CVE-2024-34524 In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. -- May 6, 2024 n/a
CVE-2024-33655 -- May 6, 2024 n/a
CVE-2024-24787 -- May 6, 2024 n/a
CVE-2024-20064 In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. -- May 6, 2024 n/a
CVE-2024-20060 In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. -- May 6, 2024 n/a
CVE-2024-20059 In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. -- May 6, 2024 n/a
CVE-2024-20058 In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. -- May 6, 2024 n/a
CVE-2024-20057 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. -- May 6, 2024 n/a
CVE-2024-20056 In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. -- May 6, 2024 n/a
CVE-2024-20021 In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. -- May 6, 2024 n/a
CVE-2024-4523 A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability. -- May 6, 2024 n/a
CVE-2024-4522 A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability. -- May 6, 2024 n/a
CVE-2024-4521 A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124. -- May 6, 2024 n/a
CVE-2024-4519 A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123. -- May 6, 2024 n/a
CVE-2024-4518 A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability. -- May 6, 2024 n/a
CVE-2024-4517 A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability. -- May 6, 2024 n/a
CVE-2024-4516 A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120. -- May 6, 2024 n/a
CVE-2024-4515 A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119. -- May 6, 2024 n/a
CVE-2024-4514 A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability. -- May 6, 2024 n/a
CVE-2024-4513 A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability. -- May 6, 2024 n/a
CVE-2024-4512 A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116. -- May 6, 2024 n/a
CVE-2024-4511 A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. -- May 6, 2024 n/a
CVE-2024-4510 A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. -- May 6, 2024 n/a
CVE-2024-4509 A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. -- May 6, 2024 n/a
CVE-2024-4508 A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. -- May 6, 2024 n/a
CVE-2024-4507 A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. -- May 6, 2024 n/a
CVE-2024-4418 -- May 6, 2024 n/a
CVE-2023-32873 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. -- May 6, 2024 n/a
CVE-2023-32871 In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. -- May 6, 2024 n/a
CVE-2024-34519 Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has privileges that a dashboard visitor should not have. -- May 5, 2024 n/a
CVE-2024-34515 image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). -- May 5, 2024 n/a
CVE-2024-34511 Component Server in Gradio before 4.13 does not properly consider _is_server_fn for functions. -- May 5, 2024 n/a
CVE-2024-34510 Gradio before 4.20 allows credential leakage on Windows. -- May 5, 2024 n/a
CVE-2024-34509 dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. -- May 5, 2024 n/a
CVE-2024-34508 dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. -- May 5, 2024 n/a
CVE-2024-34507 An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. -- May 5, 2024 n/a
CVE-2024-34506 An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. -- May 5, 2024 n/a
CVE-2024-34502 An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token. -- May 5, 2024 n/a
CVE-2024-34500 An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class. -- May 5, 2024 n/a
CVE-2024-34490 In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. -- May 5, 2024 n/a
CVE-2024-34489 OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via length=0. -- May 5, 2024 n/a
CVE-2024-34488 OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0. -- May 5, 2024 n/a
CVE-2024-34487 OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0. -- May 5, 2024 n/a
CVE-2024-34486 OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. -- May 5, 2024 n/a
CVE-2024-34484 OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0. -- May 5, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.