551
|
7.2 |
HIGH
Network
|
atlassian
|
jira_data_center jira_server
|
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center al…
Update
|
CWE-94
Code Injection
|
CVE-2022-36799
|
2024-10-4 04:35 |
2022-08-1 |
|
|
552
|
5.3 |
MEDIUM
Network
nokia
|
g-040w-q_firmware
|
Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, re…
Update
|
NVD-CWE-noinfo
|
CVE-2023-41354
|
2024-10-4 04:24 |
2023-11-3 |
|
|
|
553
|
7.8 |
HIGH
Local
|
pilz codesys festo wago
|
pmc control_for_beaglebone control_for_empc-a\/imx6 control_for_iot2000 control_for_pfc100 control_for_pfc200 control_for_plcnext control_for_raspberry_pi hmi_v3 control_v3…
|
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can…
Update
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-12069
|
2024-10-4 04:18 |
2022-12-27 |
|
|
554
|
8.8 |
HIGH
Network
|
twca
|
jcicsecuritytool
|
TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool…
Update
|
NVD-CWE-noinfo
|
CVE-2023-48387
|
2024-10-4 03:40 |
2023-12-15 |
|
|
555
|
9.8 |
CRITICAL
Network
secom
|
dr.id_attendance_system
|
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database cont…
Update
|
CWE-89
SQL Injection
|
CVE-2024-7732
|
2024-10-4 03:39 |
2024-08-14 |
|
|
|
556
|
6.1 |
MEDIUM
Network
|
openfind
|
mailaudit mailgates
|
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-6739
|
2024-10-4 03:39 |
2024-07-15 |
|
|
557
|
- |
|
-
|
-
|
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
Update
|
-
|
CVE-2024-46256
|
2024-10-4 03:35 |
2024-09-28 |
|
|
558
|
7.5 |
HIGH
Network
radare
|
radare2
|
A null pointer dereference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2022-28070
|
2024-10-4 03:35 |
2023-08-23 |
|
|
|
559
|
7.5 |
HIGH
Network
radare
|
radare2
|
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2022-28069
|
2024-10-4 03:35 |
2023-08-23 |
|
|
|
560
|
9.8 |
CRITICAL
Network
devolutions
|
remote_desktop_manager
|
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without p…
Update
|
CWE-287
Improper Authentication
|
CVE-2023-4373
|
2024-10-4 03:35 |
2023-08-22 |
|
|
|