1121
|
6.8 |
MEDIUM
Physics
|
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial consol…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-8449
|
2024-10-5 00:08 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1122
|
8.8 |
HIGH
Network
|
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and o…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-8448
|
2024-10-5 00:07 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1123
|
4.8 |
MEDIUM
Network
|
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8457
|
2024-10-4 23:45 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1124
|
9.8 |
CRITICAL
Network
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and sy…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8456
|
2024-10-4 23:45 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1125
|
5.9 |
MEDIUM
Network
|
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware igs-5225-4up1t2s_firmware
|
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user p…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2024-8455
|
2024-10-4 23:45 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1126
|
4.9 |
MEDIUM
Network
|
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and ob…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-8459
|
2024-10-4 23:42 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1127
|
8.8 |
HIGH
Network
|
planet
|
gs-4210-24p2s_firmware gs-4210-24pl4c_firmware
|
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malici…
|
CWE-352
Origin Validation Error
|
CVE-2024-8458
|
2024-10-4 23:42 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1128
|
7.5 |
HIGH
Network
echostar
|
fusion
|
Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configurati…
|
NVD-CWE-noinfo
|
CVE-2024-42495
|
2024-10-4 23:37 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1129
|
4.6 |
MEDIUM
Physics
|
echostar
|
fusion
|
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configurati…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-39278
|
2024-10-4 23:36 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1130
|
8.8 |
HIGH
Network
|
apache
|
apache-airflow-providers-apache-hive
|
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.
Patching on top of CVE-2023-35797
Before 6.1.2 the proxy_user option can also inject semico…
|
CWE-20
Improper Input Validation
|
CVE-2023-37415
|
2024-10-4 23:35 |
2023-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|