31
|
7.5 |
HIGH
Network
ibm
|
aspera_console
|
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerabilit…
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2022-43845
|
2024-10-1 00:53 |
2024-09-25 |
32
|
4.9 |
MEDIUM
Network
|
zyxel
|
wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm…
|
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated at…
Update
|
NVD-CWE-noinfo
|
CVE-2024-38268
|
2024-10-1 00:52 |
2024-09-24 |
33
|
4.9 |
MEDIUM
Network
|
zyxel
|
wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm…
|
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated a…
Update
|
NVD-CWE-noinfo
|
CVE-2024-38267
|
2024-10-1 00:52 |
2024-09-24 |
34
|
4.9 |
MEDIUM
Network
|
zyxel
|
wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm…
|
An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authentica…
Update
|
NVD-CWE-noinfo
|
CVE-2024-38269
|
2024-10-1 00:51 |
2024-09-24 |
35
|
8.0 |
HIGH
Network
|
ibm
|
aspera_console
|
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a s…
Update
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-38963
|
2024-10-1 00:48 |
2024-09-25 |
36
|
6.8 |
MEDIUM
Physical
|
sony
|
xav-ax5500_firmware
|
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installa…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-23972
|
2024-10-1 00:37 |
2024-09-24 |
37
|
6.8 |
MEDIUM
Physical
|
sony
|
xav-ax5500_firmware
|
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations…
Update
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2024-23922
|
2024-10-1 00:37 |
2024-09-24 |
38
|
8.8 |
HIGH
Network
|
checkmk
|
checkmk
|
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-8606
|
2024-10-1 00:32 |
2024-09-23 |
39
|
9.8 |
CRITICAL
Network
riello-ups
|
netman_204_firmware
|
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204:…
Update
|
CWE-89
SQL Injection
|
CVE-2024-8877
|
2024-10-1 00:31 |
2024-09-25 |
40
|
5.4 |
MEDIUM
Network
|
stirlingpdf
|
stirling_pdf
|
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9075
|
2024-10-1 00:27 |
2024-09-22 |