Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-42545 Classic Buffer Overflow vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2024-08-12 CVE-2023-7249 Path Traversal vulnerability in Opentext Directory Services
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1.
network
low complexity
opentext CWE-22
critical
 9.8
9.8
2024-08-12 CVE-2024-42480 Unspecified vulnerability in Clastix Kamaji
Kamaji is the Hosted Control Plane Manager for Kubernetes.
network
low complexity
clastix
critical
 9.9
9.9
2024-08-12 CVE-2024-38530 Unrestricted Upload of File with Dangerous Type vulnerability in Openeclass
The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System.
network
low complexity
openeclass CWE-434
critical
 9.8
9.8
2024-08-12 CVE-2024-42478 Out-of-bounds Read vulnerability in Ggerganov Llama.Cpp
llama.cpp provides LLM inference in C/C++.
network
low complexity
ggerganov CWE-125
critical
 9.8
9.8
2024-08-12 CVE-2024-42479 Out-of-bounds Write vulnerability in Ggerganov Llama.Cpp
llama.cpp provides LLM inference in C/C++.
network
low complexity
ggerganov CWE-787
critical
 9.8
9.8
2024-08-12 CVE-2024-42520 Classic Buffer Overflow vulnerability in Totolink A3002R Firmware 4.0.0B20230531.1404
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2024-08-12 CVE-2024-6917 OS Command Injection vulnerability in Veribase Order Management
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2.
network
low complexity
veribase CWE-78
critical
 9.8
9.8
2024-08-12 CVE-2024-21876 Path Traversal vulnerability in Enphase IQ Gateway Firmware
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
network
low complexity
enphase CWE-22
critical
 9.1
9.1
2024-08-12 CVE-2024-21878 OS Command Injection vulnerability in Enphase IQ Gateway Firmware
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.
network
low complexity
enphase CWE-78
critical
 9.8
9.8