The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-33115 | Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. | -- | Apr 1, 2024 | n/a |
| CVE-2023-33111 | Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. | -- | Apr 1, 2024 | n/a |
| CVE-2023-33101 | Transient DOS while processing DL NAS TRANSPORT message with payload length 0. | -- | Apr 1, 2024 | n/a |
| CVE-2023-33100 | Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | -- | Apr 1, 2024 | n/a |
| CVE-2023-33099 | Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. | -- | Apr 1, 2024 | n/a |
| CVE-2023-33023 | Memory corruption while processing finish_sign command to pass a rsp buffer. | -- | Apr 1, 2024 | n/a |
| CVE-2023-28547 | Memory corruption in SPS Application while requesting for public key in sorter TA. | -- | Apr 1, 2024 | n/a |
| CVE-2023-6951 | A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | -- | Apr 2, 2024 | n/a |
| CVE-2023-6950 | An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself. | -- | Apr 2, 2024 | n/a |
| CVE-2023-6949 | A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication. | -- | Apr 2, 2024 | n/a |
| CVE-2023-6948 | A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | -- | Apr 2, 2024 | n/a |
| CVE-2023-6191 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Egehan Security WebPDKS allows SQL Injection.This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | -- | Mar 29, 2024 | n/a |
| CVE-2023-6154 | A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\'s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. | -- | Apr 1, 2024 | n/a |
| CVE-2023-6047 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2. | -- | Mar 29, 2024 | n/a |
| CVE-2022-47153 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1. | -- | Apr 1, 2024 | n/a |
| CVE-2022-4966 | A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 7.0.0-beta.1 is able to address this issue. The patch is identified as 0043a6b1e6e0f5abc9557e73f9ffc524fc5d609d. It is recommended to upgrade the affected component. VDB-258782 is the identifier assigned to this vulnerability. | -- | Apr 1, 2024 | n/a |
| CVE-2020-36828 | A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612. | -- | Apr 1, 2024 | n/a |
| CVE-2017-20191 | A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. It is recommended to upgrade the affected component. The identifier VDB-258621 was assigned to this vulnerability. | -- | Apr 1, 2024 | n/a |
| CVE-2016-15038 | A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780. | -- | Apr 1, 2024 | n/a |
| CVE-2015-10131 | A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620. | -- | Apr 1, 2024 | n/a |
| CVE-2014-125110 | A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.4.4 is able to address this issue. The identifier of the patch is c846327df030a0a97da036a2f07c769ab9284ddb. It is recommended to upgrade the affected component. The identifier VDB-258781 was assigned to this vulnerability. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31140 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | -- | Mar 28, 2024 | n/a |
| CVE-2024-31139 | In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | -- | Mar 28, 2024 | n/a |
| CVE-2024-31138 | In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | -- | Mar 28, 2024 | n/a |
| CVE-2024-31137 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | -- | Mar 28, 2024 | n/a |
| CVE-2024-31136 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | -- | Mar 28, 2024 | n/a |
| CVE-2024-31135 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | -- | Mar 28, 2024 | n/a |
| CVE-2024-31134 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | -- | Mar 28, 2024 | n/a |
| CVE-2024-31065 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31064 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31063 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31062 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31061 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30612 | Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30607 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30606 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30604 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30603 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30602 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30601 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30600 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30599 | Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30598 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30597 | Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30596 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30595 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30594 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30593 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30592 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. | -- | Mar 28, 2024 | n/a |
| CVE-2024-30591 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | -- | Mar 28, 2024 | n/a |
