2581
|
7.8 |
HIGH
Local
|
nokia
|
wavelite_metro_200_and_fan_firmware wavelite_metro_200_ops_and_fans_firmware wavelite_metro_200_and_f2b_fans_firmware wavelite_metro_200_ops_and_f2b_fans_firmware wavelite_metro_200_ne_an…
|
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for…
|
NVD-CWE-Other
|
CVE-2023-22618
|
2024-09-20 23:35 |
2023-10-04 |
|
|
2582
|
6.5 |
MEDIUM
Network
|
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-8778
|
2024-09-20 23:23 |
2024-09-16 |
|
|
2583
|
7.5 |
HIGH
Network
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-8777
|
2024-09-20 23:22 |
2024-09-16 |
|
|
|
2584
|
7.8 |
HIGH
Local
|
zoom
|
rooms
|
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
|
NVD-CWE-Other
|
CVE-2023-36538
|
2024-09-20 23:15 |
2023-07-12 |
|
|
2585
|
9.8 |
CRITICAL
Network
onelogin omniauth gitlab
|
ruby-saml omniauth_saml gitlab
|
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenti…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-45409
|
2024-09-20 23:13 |
2024-09-11 |
|
|
|
2586
|
6.5 |
MEDIUM
Network
|
ibm
|
aspera_shares
|
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-38315
|
2024-09-20 23:09 |
2024-09-17 |
|
|
2587
|
7.8 |
HIGH
Local
|
mattermost
|
mattermost_desktop
|
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-39613
|
2024-09-20 22:59 |
2024-09-16 |
|
|
2588
|
5.3 |
MEDIUM
Physical
|
rfideas
|
micard_plus_ci_firmware micard_plus_ble_firmware
|
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card read…
|
NVD-CWE-noinfo
|
CVE-2024-1578
|
2024-09-20 22:53 |
2024-09-16 |
|
|
2589
|
4.8 |
MEDIUM
Network
|
oracle netapp
|
graalvm graalvm_for_jdk java_jre java_jdk oncommand_workflow_automation oncommand_insight bluexp cloud_insights_storage_workload_security_agent
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u4…
|
NVD-CWE-noinfo
|
CVE-2024-21145
|
2024-09-20 22:46 |
2024-07-17 |
|
|
2590
|
9.8 |
CRITICAL
Network
gargaj
|
wuhu
|
A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slid…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6948
|
2024-09-20 22:41 |
2024-07-21 |
|
|
|