|
381
|
4.6 |
MEDIUM
Physics
|
proges
|
sensor_net_connect_firmware_v2
|
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security…
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-3082
|
2024-10-1 00:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
5.5 |
MEDIUM
Local
|
proges
|
thermoscan_ip
|
A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition o…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-31203
|
2024-10-1 00:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
7.8 |
HIGH
Local
|
proges
|
thermoscan_ip
|
A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-31202
|
2024-10-1 00:15 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
xattr in ocfs2 maybe 'non-indexed', which saved with addition…
Update
|
-
|
CVE-2024-41016
|
2024-10-1 00:15 |
2024-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
5.5 |
MEDIUM
Local
|
linux
fedoraproject
|
linux_kernel
fedora
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump
The generation mask can be updated while netlink dump is in pro…
Update
|
NVD-CWE-noinfo
|
CVE-2024-27017
|
2024-10-1 00:15 |
2024-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
4.2 |
MEDIUM
Network
|
tyan
|
s5552\/s5552wgm4nr-ex_firmware
s5552\/s5552wgm4nr_firmware
s5552\/s5552gm4nr_firmware
s5552\/s5552gm2nr_firmware
|
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TL…
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2023-2538
|
2024-10-1 00:15 |
2023-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
7.5 |
HIGH
Network
lannerinc
|
iac-ast2500a_firmware
|
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) …
Update
|
NVD-CWE-Other
|
CVE-2021-44467
|
2024-10-1 00:15 |
2022-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
388
|
9.8 |
CRITICAL
Network
lannerinc
|
iac-ast2500a_firmware
|
Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same…
Update
|
CWE-77
CWE-787
Command Injection
Out-of-bounds Write
|
CVE-2021-26731
|
2024-10-1 00:15 |
2022-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
389
|
5.4 |
MEDIUM
Network
|
wpdeveloperr
|
confetti_fall_animation
|
The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8919
|
2024-10-1 00:08 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
4.3 |
MEDIUM
Network
|
javmah
|
spreadsheet_integration
|
The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-6590
|
2024-09-30 23:31 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
