5.3
CVE-2024-11050 - AMTT Hotel Broadband Operation System language.php cross site scripting
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initβ¦
6.3
CVE-2024-11049 - ZKTeco ZKBio Time Image File photo direct request
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attacβ¦
8.7
CVE-2024-11048 - D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been discloβ¦
8.7
CVE-2024-11047 - D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotelβ¦
5.3
CVE-2024-11046 - D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp os command injection
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit hasβ¦
9.1
CVE-2021-35473 -
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4.
7.8
CVE-2024-46951 - ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
7.8
CVE-2024-46956 - ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
8.4
CVE-2024-46952 - ghostscript: Buffer Overflow in Ghostscript PDF XRef Stream Handling
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
7.8
CVE-2024-46953 - ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.