51
|
8.6 |
HIGH
Network
cisco
|
ios_xe
|
A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utiliz…
Update
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-20480
|
2024-10-4 05:07 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
52
|
4.3 |
MEDIUM
Network
|
gestsup
|
gestsup
|
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
Update
|
CWE-352
Origin Validation Error
|
CVE-2023-52060
|
2024-10-4 04:58 |
2024-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
53
|
5.4 |
MEDIUM
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.
Please note…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-36359
|
2024-10-4 04:49 |
2024-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
54
|
7.8 |
HIGH
Local
|
aveva
|
pi_asset_framework_client
|
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socia…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-3467
|
2024-10-4 04:47 |
2024-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
55
|
4.9 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-37280
|
2024-10-4 04:37 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
56
|
4.6 |
MEDIUM
Physics
|
motorola
|
vigilant_fixed_lpr_coms_box_firmware
|
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-38280
|
2024-10-4 04:36 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
57
|
- |
|
-
|
-
|
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
New
|
-
|
CVE-2024-41596
|
2024-10-4 04:35 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
58
|
- |
|
-
|
-
|
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
New
|
-
|
CVE-2024-41595
|
2024-10-4 04:35 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
59
|
- |
|
-
|
-
|
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
New
|
-
|
CVE-2024-41592
|
2024-10-4 04:35 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
60
|
- |
|
-
|
-
|
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.
New
|
-
|
CVE-2024-41584
|
2024-10-4 04:35 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|