|
306591
|
- |
|
-
|
-
|
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through 3.2.…
|
CWE-862
Missing Authorization
|
CVE-2024-37094
|
2024-11-20 03:15 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306592
|
7.2 |
HIGH
Network
|
craftcms
|
craft_cms
|
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This e…
|
CWE-22
Path Traversal
|
CVE-2024-52291
|
2024-11-20 03:06 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306593
|
4.8 |
MEDIUM
Network
|
webkul
|
unopim
|
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account wi…
|
CWE-616
CWE-692
Incomplete Identification of Uploaded File Variables (PHP)
Incomplete Denylist to Cross-Site Scripting
|
CVE-2024-52305
|
2024-11-20 03:04 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306594
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
|
NVD-CWE-Other
|
CVE-2024-42392
|
2024-11-20 02:55 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306595
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
|
NVD-CWE-Other
|
CVE-2024-42383
|
2024-11-20 02:55 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306596
|
7.0 |
HIGH
Local
|
cesanta
|
mongoose
|
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.
|
NVD-CWE-Other
|
CVE-2024-42385
|
2024-11-20 02:54 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306597
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-42384
|
2024-11-20 02:54 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306598
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
|
NVD-CWE-Other
|
CVE-2024-42386
|
2024-11-20 02:52 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306599
|
5.3 |
MEDIUM
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
|
NVD-CWE-Other
|
CVE-2024-42389
|
2024-11-20 02:51 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306600
|
5.3 |
MEDIUM
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
|
NVD-CWE-Other
|
CVE-2024-42388
|
2024-11-20 02:51 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
