521 | 4.3 | MEDIUM Network | gestsup | gestsup | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. | CWE-352 Origin Validation Error | CVE-2023-52060 | 2024-10-4 04:58 | 2024-02-13 |
522 | 5.4 | MEDIUM Network | trendmicro | interscan_web_security_virtual_appliance | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note… | CWE-79 Cross-site Scripting | CVE-2024-36359 | 2024-10-4 04:49 | 2024-06-11 |
523 | 7.8 | HIGH Local | aveva | pi_asset_framework_client | There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socia… | CWE-502 Deserialization of Untrusted Data | CVE-2024-3467 | 2024-10-4 04:47 | 2024-06-13 |
524 | 4.9 | MEDIUM Network | elastic | elasticsearch | A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in… | CWE-787 Out-of-bounds Write | CVE-2024-37280 | 2024-10-4 04:37 | 2024-06-14 |
525 | 4.6 | MEDIUM Physical | motorola | vigilant_fixed_lpr_coms_box_firmware | An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-38280 | 2024-10-4 04:36 | 2024-06-14 |
526 | 7.5 | HIGH Adjacent | samsung | syncthru_web_service | An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | NVD-CWE-noinfo | CVE-2021-35309 | 2024-10-4 04:35 | 2023-08-23 |
527 | 8.8 | HIGH Network | google debian fedoraproject | chrome debian_linux fedora | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CWE-787 Out-of-bounds Write | CVE-2023-2137 | 2024-10-4 04:35 | 2023-04-19 |
528 | 7.5 | HIGH Network | google debian fedoraproject | chrome debian_linux fedora | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafte… | CWE-416 Use After Free | CVE-2023-2135 | 2024-10-4 04:35 | 2023-04-19 |
529 | 7.2 | HIGH Network | atlassian | jira_data_center jira_server | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center al… | CWE-94 Code Injection | CVE-2022-36799 | 2024-10-4 04:35 | 2022-08-1 |
530 | 5.3 | MEDIUM Network | nokia | g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, re… | NVD-CWE-noinfo | CVE-2023-41354 | 2024-10-4 04:24 | 2023-11-3 |