601
|
- |
|
-
|
-
|
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessar…
New
|
-
|
CVE-2024-25660
|
2024-10-2 03:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
602
|
- |
|
-
|
-
|
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories o…
New
|
-
|
CVE-2024-25659
|
2024-10-2 03:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
603
|
6.5 |
MEDIUM
Local
|
linuxfoundation mediatek google linux
|
yocto iot_yocto android linux_kernel
|
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interacti…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2023-20850
|
2024-10-2 03:35 |
2023-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
604
|
9.8 |
CRITICAL
Network
meshtastic
|
meshtastic_firmware
|
Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-47078
|
2024-10-2 03:29 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
605
|
9.8 |
CRITICAL
Network
ptzoptics
|
pt30x-sdi_firmware pt30x-ndi-xx-g2_firmware
|
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrar…
Update
|
CWE-78
OS Command
|
CVE-2024-8957
|
2024-10-2 02:49 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
606
|
9.8 |
CRITICAL
Network
macwk
|
icecms
|
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.
Update
|
NVD-CWE-noinfo
|
CVE-2023-36100
|
2024-10-2 02:35 |
2023-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
607
|
9.8 |
CRITICAL
Network
mybb
|
mybb
|
Installer RCE on settings file write in MyBB before 1.8.22.
Update
|
NVD-CWE-noinfo
|
CVE-2020-22612
|
2024-10-2 02:35 |
2023-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
608
|
8.8 |
HIGH
Network
|
atlassian
|
bamboo_data_center bamboo_server
|
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center.
This Injection and RCE (Remote Code Execut…
Update
|
CWE-94
Code Injection
|
CVE-2023-22506
|
2024-10-2 02:35 |
2023-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
609
|
8.6 |
HIGH
Network
circutor
|
q-smt_firmware
|
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login p…
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-8887
|
2024-10-2 02:30 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
610
|
9.8 |
CRITICAL
Network
scriptcase
|
scriptcase
|
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST requ…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8940
|
2024-10-2 02:21 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|