2591
|
- |
|
-
|
-
|
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
|
-
|
CVE-2024-53376
|
2024-12-18 05:15 |
2024-12-16 |
|
|
2592
|
- |
|
-
|
-
|
An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who can create a …
|
-
|
CVE-2024-55918
|
2024-12-18 05:15 |
2024-12-13 |
|
|
2593
|
- |
|
-
|
-
|
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for t…
|
CWE-285
Improper Authorization
|
CVE-2024-51479
|
2024-12-18 04:15 |
2024-12-18 |
|
|
2594
|
- |
|
-
|
-
|
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authenti…
|
-
|
CVE-2024-45494
|
2024-12-18 04:15 |
2024-12-11 |
|
|
2595
|
- |
|
-
|
-
|
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the …
|
-
|
CVE-2024-45493
|
2024-12-18 04:15 |
2024-12-11 |
|
|
2596
|
3.7 |
LOW
Network
|
-
|
-
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-49820
|
2024-12-18 03:15 |
2024-12-18 |
|
|
2597
|
4.1 |
MEDIUM
Local
|
-
|
-
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by u…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-49819
|
2024-12-18 03:15 |
2024-12-18 |
|
|
2598
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the bro…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-49818
|
2024-12-18 03:15 |
2024-12-18 |
|
|
2599
|
4.4 |
MEDIUM
Local
|
-
|
-
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
|
CWE-260
Password in Configuration File
|
CVE-2024-49817
|
2024-12-18 03:15 |
2024-12-18 |
|
|
2600
|
4.9 |
MEDIUM
Network
|
-
|
-
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-49816
|
2024-12-18 03:15 |
2024-12-18 |
|
|