|
1851
|
7.5 |
HIGH
Network
lenovo
|
nextscale_n1200_enclosure_firmware
thinkagile_cp-cb-10_firmware
thinkagile_cp-cb-10e_firmware
thinkagile_hx_enclosure_certified_node_firmware
thinkagile_vx_enclosure_firmware
thinksyst…
|
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore acc…
|
NVD-CWE-noinfo
|
CVE-2023-2992
|
2024-09-17 00:15 |
2023-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1852
|
8.8 |
HIGH
Network
|
datagear
|
datagear
|
A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The mani…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-2042
|
2024-09-17 00:15 |
2023-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1853
|
6.7 |
MEDIUM
Local
|
lenovo
|
thinkpad_e14_firmware
thinkpad_e14_gen_2_firmware
thinkpad_e14_gen_4_firmware
thinkpad_e15_firmware
thinkpad_e15_gen_2_firmware
thinkpad_e15_gen_4_firmware
thinkpad_e490_firmware
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
|
NVD-CWE-noinfo
|
CVE-2023-2290
|
2024-09-17 00:15 |
2023-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1854
|
6.5 |
MEDIUM
Network
|
snowflake
|
streamlit
|
Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Stre…
|
CWE-22
Path Traversal
|
CVE-2024-42474
|
2024-09-16 23:30 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1855
|
4.3 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
openpages_with_watson
|
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.
|
NVD-CWE-Other
|
CVE-2024-27257
|
2024-09-16 23:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1856
|
6.5 |
MEDIUM
Local
|
theforeman
|
foreman
|
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the ne…
|
CWE-77
Command Injection
|
CVE-2024-7700
|
2024-09-16 23:20 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1857
|
4.3 |
MEDIUM
Network
|
sap
|
oil_\%\/_gas
|
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow…
|
CWE-862
Missing Authorization
|
CVE-2024-44112
|
2024-09-16 23:19 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1858
|
5.4 |
MEDIUM
Network
|
checkmk
|
checkmk
|
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
|
CWE-79
Cross-site Scripting
|
CVE-2024-6052
|
2024-09-16 23:15 |
2024-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1859
|
6.5 |
MEDIUM
Network
|
redhat
infinispan
|
data_grid
jboss_data_grid
infinispan
|
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed objec…
|
NVD-CWE-Other
|
CVE-2023-5236
|
2024-09-16 23:15 |
2023-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1860
|
6.5 |
MEDIUM
Network
|
redhat
infinispan
|
data_grid
jboss_data_grid
jboss_enterprise_application_platform
infinispan
|
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access inf…
|
NVD-CWE-Other
|
CVE-2023-3629
|
2024-09-16 23:15 |
2023-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
