691
|
8.6 |
HIGH
Network
cisco
|
ios_xe
|
A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utiliz…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-20480
|
2024-10-4 05:07 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
692
|
4.3 |
MEDIUM
Network
|
gestsup
|
gestsup
|
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
|
CWE-352
Origin Validation Error
|
CVE-2023-52060
|
2024-10-4 04:58 |
2024-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
693
|
5.4 |
MEDIUM
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.
Please note…
|
CWE-79
Cross-site Scripting
|
CVE-2024-36359
|
2024-10-4 04:49 |
2024-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
694
|
7.8 |
HIGH
Local
|
aveva
|
pi_asset_framework_client
|
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socia…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-3467
|
2024-10-4 04:47 |
2024-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
695
|
4.9 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-37280
|
2024-10-4 04:37 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
696
|
4.6 |
MEDIUM
Physics
|
motorola
|
vigilant_fixed_lpr_coms_box_firmware
|
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-38280
|
2024-10-4 04:36 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
697
|
7.5 |
HIGH
Adjacent
|
samsung
|
syncthru_web_service
|
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
|
NVD-CWE-noinfo
|
CVE-2021-35309
|
2024-10-4 04:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
698
|
8.8 |
HIGH
Network
|
google debian fedoraproject
|
chrome debian_linux fedora
|
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-787
Out-of-bounds Write
|
CVE-2023-2137
|
2024-10-4 04:35 |
2023-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
699
|
7.5 |
HIGH
Network
|
google debian fedoraproject
|
chrome debian_linux fedora
|
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafte…
|
CWE-416
Use After Free
|
CVE-2023-2135
|
2024-10-4 04:35 |
2023-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
700
|
7.2 |
HIGH
Network
|
atlassian
|
jira_data_center jira_server
|
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center al…
|
CWE-94
Code Injection
|
CVE-2022-36799
|
2024-10-4 04:35 |
2022-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|