41 | 7.2 | HIGH Network | atlassian | jira_data_center jira_server | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center al… | Update | CWE-94 Code Injection | CVE-2022-36799 | 2024-10-4 04:35 | 2022-08-1
42 | 9.8 | CRITICAL Network | oracle | weblogic_server | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1… | Update | CWE-502 Deserialization of Untrusted Data | CVE-2018-2628 | 2024-10-4 04:35 | 2018-04-19
43 | 5.3 | MEDIUM Network | nokia | g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, re… | Update | NVD-CWE-noinfo | CVE-2023-41354 | 2024-10-4 04:24 | 2023-11-3
44 | 7.8 | HIGH Local | pilz codesys festo wago | pmc control_for_beaglebone control_for_empc-a/imx6 control_for_iot2000 control_for_pfc100 control_for_pfc200 control_for_plcnext control_for_raspberry_pi hmi_v3 control_v3… | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can… | Update | CWE-916 Use of Password Hash With Insufficient Computational Effort | CVE-2020-12069 | 2024-10-4 04:18 | 2022-12-27
45 | - | | - | - | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. | New | - | CVE-2024-9266 | 2024-10-4 04:15 | 2024-10-4
46 | - | | - | - | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG o… | New | - | CVE-2024-41594 | 2024-10-4 04:15 | 2024-10-4
47 | - | | - | - | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of… | New | - | CVE-2024-41593 | 2024-10-4 04:15 | 2024-10-4
48 | - | | - | - | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | New | - | CVE-2024-41591 | 2024-10-4 04:15 | 2024-10-4
49 | - | | - | - | Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor… | New | - | CVE-2024-41590 | 2024-10-4 04:15 | 2024-10-4
50 | - | | - | - | The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters pa… | New | - | CVE-2024-41588 | 2024-10-4 04:15 | 2024-10-4