2011
|
- |
|
-
|
-
|
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.
|
-
|
CVE-2023-41612
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2012
|
6.5 |
MEDIUM
Network
|
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of ot…
|
NVD-CWE-noinfo
|
CVE-2024-8780
|
2024-09-20 23:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2013
|
7.8 |
HIGH
Local
|
konghq
|
insomnia
|
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
|
NVD-CWE-noinfo
|
CVE-2023-40299
|
2024-09-20 23:35 |
2023-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2014
|
8.8 |
HIGH
Adjacent
|
furunosystems
|
acera_1310_firmware acera_1320_firmware
|
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the a…
|
CWE-287
Improper Authentication
|
CVE-2023-42771
|
2024-09-20 23:35 |
2023-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2015
|
7.8 |
HIGH
Local
|
nokia
|
wavelite_metro_200_and_fan_firmware wavelite_metro_200_ops_and_fans_firmware wavelite_metro_200_and_f2b_fans_firmware wavelite_metro_200_ops_and_f2b_fans_firmware wavelite_metro_200_ne_an…
|
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for…
|
NVD-CWE-Other
|
CVE-2023-22618
|
2024-09-20 23:35 |
2023-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2016
|
6.5 |
MEDIUM
Network
|
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-8778
|
2024-09-20 23:23 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2017
|
7.5 |
HIGH
Network
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-8777
|
2024-09-20 23:22 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2018
|
7.8 |
HIGH
Local
|
zoom
|
rooms
|
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
|
NVD-CWE-Other
|
CVE-2023-36538
|
2024-09-20 23:15 |
2023-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2019
|
9.8 |
CRITICAL
Network
onelogin omniauth gitlab
|
ruby-saml omniauth_saml gitlab
|
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenti…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-45409
|
2024-09-20 23:13 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2020
|
6.5 |
MEDIUM
Network
|
ibm
|
aspera_shares
|
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-38315
|
2024-09-20 23:09 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|