|
312301
|
7.2 |
HIGH
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to …
|
NVD-CWE-Other
|
CVE-2024-8071
|
2024-08-24 00:34 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312302
|
6.5 |
MEDIUM
Network
|
ibm
|
openpages_with_watson
openpages_grc_platform
|
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-35151
|
2024-08-24 00:32 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312303
|
5.9 |
MEDIUM
Network
|
ibm
|
sterling_connect_direct_web_services
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2024-39746
|
2024-08-24 00:25 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312304
|
7.5 |
HIGH
Network
|
ibm
|
sterling_connect_direct_web_services
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-39745
|
2024-08-24 00:25 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312305
|
4.3 |
MEDIUM
Network
|
ibm
|
sterling_connect_direct_web_services
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fro…
|
CWE-352
Origin Validation Error
|
CVE-2024-39744
|
2024-08-24 00:25 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312306
|
5.3 |
MEDIUM
Network
|
youdiancms
|
youdiancms
|
A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to informati…
|
NVD-CWE-noinfo
|
CVE-2024-7328
|
2024-08-24 00:25 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312307
|
5.4 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability is due…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20443
|
2024-08-24 00:18 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312308
|
4.8 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability is due…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20479
|
2024-08-24 00:14 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312309
|
5.3 |
MEDIUM
Network
|
hp
|
instantos
|
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results…
|
NVD-CWE-noinfo
|
CVE-2024-42396
|
2024-08-24 00:07 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312310
|
5.3 |
MEDIUM
Network
|
arubanetworks
hp
|
arubaos
instantos
|
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to…
|
NVD-CWE-noinfo
|
CVE-2024-42400
|
2024-08-24 00:06 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
