701 | 5.3 | MEDIUM Network | nokia | g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, re… | NVD-CWE-noinfo | CVE-2023-41354 | 2024-10-4 04:24 | 2023-11-3
702 | 7.8 | HIGH Local | pilz codesys festo wago | pmc control_for_beaglebone control_for_empc-a/imx6 control_for_iot2000 control_for_pfc100 control_for_pfc200 control_for_plcnext control_for_raspberry_pi hmi_v3 control_v3… | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can… | CWE-916 Use of Password Hash With Insufficient Computational Effort | CVE-2020-12069 | 2024-10-4 04:18 | 2022-12-27
703 | 8.8 | HIGH Network | twca | jcicsecuritytool | TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool… | NVD-CWE-noinfo | CVE-2023-48387 | 2024-10-4 03:40 | 2023-12-15
704 | 9.8 | CRITICAL Network | secom | dr.id_attendance_system | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database cont… | CWE-89 SQL Injection | CVE-2024-7732 | 2024-10-4 03:39 | 2024-08-14
705 | 6.1 | MEDIUM Network | openfind | mailaudit mailgates | The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2024-6739 | 2024-10-4 03:39 | 2024-07-15
706 | - | | - | - | A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | - | CVE-2024-46256 | 2024-10-4 03:35 | 2024-09-28
707 | 7.5 | HIGH Network | radare | radare2 | A null pointer dereference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. | CWE-476 NULL Pointer Dereference | CVE-2022-28070 | 2024-10-4 03:35 | 2023-08-23
708 | 7.5 | HIGH Network | radare | radare2 | A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. | CWE-787 Out-of-bounds Write | CVE-2022-28069 | 2024-10-4 03:35 | 2023-08-23
709 | 9.8 | CRITICAL Network | devolutions | remote_desktop_manager | Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without p… | CWE-287 Improper Authentication | CVE-2023-4373 | 2024-10-4 03:35 | 2023-08-22
710 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when th… | NVD-CWE-noinfo | CVE-2024-44967 | 2024-10-4 03:21 | 2024-09-5