|
2121
|
6.5 |
MEDIUM
Network
|
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-8778
|
2024-09-20 23:23 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2122
|
7.5 |
HIGH
Network
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-8777
|
2024-09-20 23:22 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2123
|
7.8 |
HIGH
Local
|
zoom
|
rooms
|
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
|
NVD-CWE-Other
|
CVE-2023-36538
|
2024-09-20 23:15 |
2023-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2124
|
9.8 |
CRITICAL
Network
onelogin
omniauth
gitlab
|
ruby-saml
omniauth_saml
gitlab
|
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenti…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-45409
|
2024-09-20 23:13 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2125
|
6.5 |
MEDIUM
Network
|
ibm
|
aspera_shares
|
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-38315
|
2024-09-20 23:09 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2126
|
7.8 |
HIGH
Local
|
mattermost
|
mattermost_desktop
|
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-39613
|
2024-09-20 22:59 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2127
|
5.3 |
MEDIUM
Physics
|
rfideas
|
micard_plus_ci_firmware
micard_plus_ble_firmware
|
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card read…
|
NVD-CWE-noinfo
|
CVE-2024-1578
|
2024-09-20 22:53 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2128
|
4.8 |
MEDIUM
Network
|
oracle
netapp
|
graalvm
graalvm_for_jdk
java_jre
java_jdk
oncommand_workflow_automation
oncommand_insight
bluexp
cloud_insights_storage_workload_security_agent
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u4…
|
NVD-CWE-noinfo
|
CVE-2024-21145
|
2024-09-20 22:46 |
2024-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2129
|
9.8 |
CRITICAL
Network
gargaj
|
wuhu
|
A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slid…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6948
|
2024-09-20 22:41 |
2024-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2130
|
5.3 |
MEDIUM
Network
gargaj
|
wuhu
|
A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?ed…
|
CWE-22
Path Traversal
|
CVE-2024-6949
|
2024-09-20 22:39 |
2024-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
