CVE-2024-36416

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-779
View all →

Vulnerability Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Related Vulnerabilities

CVE-2022-31004

HIGH
CVSS:7.5(High)

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method write...

CWE-7792022

CVE-2024-36072

CRITICAL
CVSS:9.8(Critical)

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server appli...

CWE-7792024

CVE-2022-31004

HIGH
CVSS:7.5(High)

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method write...

CWE-7792022

CVE-2021-25420

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021

CVE-2021-25421

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021

CVE-2021-25422

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021