1771
|
6.6 |
MEDIUM
Network
|
bitdefender
|
endpoint_security_tools
|
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2021-3485
|
2024-09-17 02:15 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1772
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to…
|
NVD-CWE-Other
|
CVE-2019-20923
|
2024-09-17 02:15 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1773
|
6.5 |
MEDIUM
Network
mongodb
|
mongomirror database_tools
|
Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in acc…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7924
|
2024-09-17 02:15 |
2021-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1774
|
9.8 |
CRITICAL
Network
ibm
|
sterling_connect_direct_web_services
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
|
CWE-1392
Use of Default Credentials
|
CVE-2024-39747
|
2024-09-17 02:13 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1775
|
7.5 |
HIGH
Network
skyport
|
skyportd
|
Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By making thousands of folders & files (easy due to skyport's lack of rate limiting on createFolder. createFile), skyportd in a lot of c…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-42481
|
2024-09-17 02:10 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1776
|
9.8 |
CRITICAL
Network
secom
|
dr.id_attendance_system
|
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database cont…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7732
|
2024-09-17 01:49 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1777
|
7.8 |
HIGH
Local
|
ultimaker
|
ultimaker_cura
|
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of th…
|
CWE-94
Code Injection
|
CVE-2024-8374
|
2024-09-17 01:44 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1778
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF docume…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10221
|
2024-09-17 01:35 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1779
|
6.4 |
MEDIUM
Network
|
halo
|
halo
|
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43793
|
2024-09-17 01:28 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1780
|
6.1 |
MEDIUM
Network
|
halo
|
halo
|
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43792
|
2024-09-17 01:26 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|