CVE-2024-41660 : OPENBMC SLPD-LITE SERVICE PORT 427 BUFFER OVERFLOW
Description slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when…
CVE-2024-41630 : TENDA AC18 15.03.3.10_EN FAST_SETTING_WIFI_SET FORM_FAST_SETTING_WIFI_SET SSID STACK-BASED OVERFLOW
Description Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set. References https://www.tendacn.com/hk/download/detail-3863.html…
CVE-2024-40645 : FOGPROJECT FOG PRIOR 1.5.10.41 BANNER IMAGE UNRESTRICTED UPLOAD
Description FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server.…
CVE-2024-6973 : CATO NETWORKS SDP CLIENT UP TO 5.10.33 ON WINDOWS OS COMMAND INJECTION
Description Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34. References https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs For More Information…
CVE-2024-7340 : WEAVE TRAVERSE UP TO 0.50.7 INPUT VALIDATION
Description The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is…
CVE-2024-37901 : XWIKI-PLATFORM UP TO 14.10.20/15.5.4/15.10.1 AUTHORIZATION
Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any…