| 141 | 4.9 | MEDIUM Network | planet | gs-4210-24p2s_firmware gs-4210-24pl4c_firmware | Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and ob… | Update | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-8459 | 2024-10-4 23:42 | 2024-09-30 |
| 142 | 8.8 | HIGH Network | planet | gs-4210-24p2s_firmware gs-4210-24pl4c_firmware | Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malici… | Update | CWE-352 Origin Validation Error | CVE-2024-8458 | 2024-10-4 23:42 | 2024-09-30 |
| 143 | 7.5 | HIGH Network | echostar | fusion | Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configurati… | Update | NVD-CWE-noinfo | CVE-2024-42495 | 2024-10-4 23:37 | 2024-09-6 |
| 144 | 4.6 | MEDIUM Physical | echostar | fusion | Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configurati… | Update | CWE-522 Insufficiently Protected Credentials | CVE-2024-39278 | 2024-10-4 23:36 | 2024-09-6 |
| 145 | 8.8 | HIGH Network | apache | apache-airflow-providers-apache-hive | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxy_user option can also inject semico… | Update | CWE-20 Improper Input Validation | CVE-2023-37415 | 2024-10-4 23:35 | 2023-07-13 |
| 146 | 9.8 | CRITICAL Network | dlink | dir820la1_firmware | OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. | Update | CWE-78 OS Command | CVE-2023-25280 | 2024-10-4 23:35 | 2023-03-16 |
| 147 | 9.8 | CRITICAL Network | draytek | vigor3900_firmware vigor2960_firmware vigor300b_firmware | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-pytho… | Update | CWE-78 OS Command | CVE-2020-15415 | 2024-10-4 23:35 | 2020-06-30 |
| 148 | 9.8 | CRITICAL Network | sap | commerce_cloud | Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hyb… | Update | CWE-502 Deserialization of Untrusted Data | CVE-2019-0344 | 2024-10-4 23:35 | 2019-08-14 |
| 149 | 6.5 | MEDIUM Network | zoom | zoom vdi_windows_meeting_clients meeting_software_development_kit | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via … | Update | NVD-CWE-noinfo | CVE-2024-24696 | 2024-10-4 23:33 | 2024-02-14 |
| 150 | - | | - | - | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument cu… | New | CWE-120 Classic Buffer Overflow | CVE-2024-9515 | 2024-10-4 23:15 | 2024-10-4 |