Weekly Vulnerabilities Reports > April 1 to 7, 2024
Overview
51 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 32 products from 11 vendors including Google, Ivanti, Tenda, Dlink, and IBM. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "NULL Pointer Dereference", "Use of a Broken or Risky Cryptographic Algorithm", and "Use of Uninitialized Resource".
- 36 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 36 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Tenda has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following table lists the reported vulnerabilities for the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-04-04 | CVE-2024-21894 | Ivanti | Out-of-bounds Write vulnerability in Ivanti Connect Secure and Policy Secure: A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack. | 9.8 |
2024-04-04 | CVE-2024-3272 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink products: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |
2024-04-04 | CVE-2024-3273 | Dlink | Command Injection vulnerability in Dlink products: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |
2024-04-02 | CVE-2024-30620 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1: Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. | 9.8 |
2024-04-02 | CVE-2024-30621 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1: Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. | 9.8 |
2024-04-01 | CVE-2024-21473 | | Memory corruption while redirecting a log file to any file location with any file name. | 9.8 |
2024-04-04 | CVE-2024-2692 | | SiYuan version 3.0.3 allows executing arbitrary commands on the server. | 9.6 |
24 High Vulnerabilities
20 Medium Vulnerabilities
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|