|
1371
|
7.8 |
HIGH
Local
|
siemens
|
siport
|
A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders.
This could allow a local attacker with …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-47783
|
2024-11-14 08:13 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1372
|
8.1 |
HIGH
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or …
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-46892
|
2024-11-14 08:13 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1373
|
9.1 |
CRITICAL
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could al…
|
CWE-78
OS Command
|
CVE-2024-46890
|
2024-11-14 08:12 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1374
|
5.3 |
MEDIUM
Network
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could a…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2024-46889
|
2024-11-14 08:11 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1375
|
9.9 |
CRITICAL
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. Thi…
|
CWE-22
Path Traversal
|
CVE-2024-46888
|
2024-11-14 08:11 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1376
|
10.0 |
CRITICAL
Network
siemens
|
telecontrol_server_basic
|
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44102
|
2024-11-14 08:05 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1377
|
8.8 |
HIGH
Network
|
tenda
|
ac10_firmware
|
A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of …
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2024-11061
|
2024-11-14 08:04 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1378
|
7.2 |
HIGH
Network
|
surajkumarvishwakarma
|
real_estate_management_system
|
A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component A…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2024-11058
|
2024-11-14 08:03 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1379
|
9.8 |
CRITICAL
Network
ruijie
|
rg-nbs2009g-p_firmware
|
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-24117
|
2024-11-14 07:56 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1380
|
- |
|
-
|
-
|
DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id.
|
-
|
CVE-2024-37791
|
2024-11-14 07:35 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
