6.9
CVE-2024-11498 - Resource exhaustion via Stack overflow in libjxl
There exists a stack buffer overflow in libjxl.Β A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend uβ¦
1
CVE-2020-12492 - Wifi information acquisition vulnerability in Framework Services
Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.
4.8
CVE-2020-12491 - Framework Information Disclosure Vulnerability
Improper control of framework service permissions with possibility of some sensitive device information leakage.
8.7
CVE-2024-11664 - eNMS TGZ File controller.py multiselect_filtering path traversal
A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The explβ¦
6.7
CVE-2022-33862 - Improper access control mechanism in IPP
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems.
5.1
CVE-2022-33861 - Insufficient verification of authenticity in IPP
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data.
5.2
CVE-2021-23282 - Stored Cross-site Scripting reported in Intelligent Power Manager v1
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to comprβ¦
6.9
CVE-2024-11663 - Codezips E-Commerce Site search.php sql injection
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed β¦
5.3
CVE-2024-11662 - welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization
A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initβ¦
5.3
CVE-2024-11661 - Codezips Free Exam Hall Seating Management System Profile Image profile.php unrestricted upload
A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The aβ¦