261 | 8.1 | HIGH Network | siemens | sinec_ins | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or … | New | CWE-613 Insufficient Session Expiration | CVE-2024-46892 | 2024-11-14 08:13 | 2024-11-12
262 | 9.1 | CRITICAL Network | siemens | sinec_ins | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could al… | New | CWE-78 OS Command | CVE-2024-46890 | 2024-11-14 08:12 | 2024-11-12
263 | 5.3 | MEDIUM Network | siemens | sinec_ins | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could a… | New | CWE-321 Use of Hard-coded Cryptographic Key | CVE-2024-46889 | 2024-11-14 08:11 | 2024-11-12
264 | 9.9 | CRITICAL Network | siemens | sinec_ins | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. Thi… | New | CWE-22 Path Traversal | CVE-2024-46888 | 2024-11-14 08:11 | 2024-11-12
265 | 10.0 | CRITICAL Network | siemens | telecontrol_server_basic | A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000… | New | CWE-502 Deserialization of Untrusted Data | CVE-2024-44102 | 2024-11-14 08:05 | 2024-11-12
266 | 8.8 | HIGH Network | tenda | ac10_firmware | A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of … | Update | CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error'), Stack-based Buffer Overflow | CVE-2024-11061 | 2024-11-14 08:04 | 2024-11-11
267 | 7.2 | HIGH Network | surajkumarvishwakarma | real_estate_management_system | A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component A… | Update | CWE-89 CWE-74 SQL Injection, Injection | CVE-2024-11058 | 2024-11-14 08:03 | 2024-11-11
268 | 9.8 | CRITICAL Network | ruijie | rg-nbs2009g-p_firmware | Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. | Update | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2024-24117 | 2024-11-14 07:56 | 2024-10-3
269 | - | | - | - | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing … | New | - | CVE-2024-52554 | 2024-11-14 07:35 | 2024-11-14
270 | - | | - | - | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. | New | - | CVE-2024-52553 | 2024-11-14 07:35 | 2024-11-14